Fix internet :)

Related to #96
Update version grabber
2026-01-27 12:40:36 +03:00 · 2024-08-29 19:28:26 +03:00 · 2024-08-29 18:13:51 +03:00 · 2024-08-29 17:45:11 +03:00 · 2024-08-29 15:55:05 +03:00 · 2024-08-29 15:49:01 +03:00
21 changed files with 2354 additions and 902 deletions
--- a/.github/workflows/build-alpine.yml
+++ b/.github/workflows/build-alpine.yml
@@ -1,65 +0,0 @@
 name: Alpine
 on:
  push:
    branches:
      - main
 jobs:
  build:
    name: build ${{ matrix.arch }}
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
          # arch: [x86_64, x86, aarch64, armhf, armv7, ppc64le, s390x]
          arch: [x86_64, x86, aarch64, armhf]
          os: [ubuntu-latest]
          branch: [latest-stable]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up ccache
        uses: actions/cache@v4
        with:
          path: ${{ github.workspace }}/.ccache
          key: ccache-${{ matrix.arch }}-${{ github.run_id }}
          restore-keys: ccache-${{ matrix.arch }}-
      - name: Set up Alpine Linux for ${{ matrix.arch }}
        uses: jirutka/setup-alpine@v1
        with:
          arch: ${{ matrix.arch }}
          branch: ${{ matrix.branch }}
          packages: >
            bash build-base ccache coreutils findutils gawk git grep tar wget xz
            autoconf automake libtool pkgconf linux-headers
          shell-name: alpine.sh
      - name: Build inside chroot
        id: build
        env:
          ARCH: ${{ matrix.arch }}
          CCACHE_DIR: ${{ github.workspace }}/.ccache
          PKG_REV: ${{ github.sha }}
        shell: alpine.sh {0}
        run: |
          PKG_REV=$(echo $PKG_REV | cut -c1-7)
          case $ARCH in
            x86_64)  PLATFORM=x64 ;;
            x86)     PLATFORM=x86 ;;
            aarch64) PLATFORM=arm64 ;;
            armhf)   PLATFORM=arm ;;
            *)       PLATFORM=$ARCH ;;
          esac
          make -j$(nproc) CC="ccache gcc -static-libgcc -static" || exit 1
          strip -s build/youtubeUnblock
          tar -C build -cJvf "youtubeUnblock-$PKG_REV-$PLATFORM.tar.xz" youtubeUnblock
          ccache --show-stats
      - name: Upload artifacts
        if: steps.build.outcome == 'success'
        uses: actions/upload-artifact@v4
        with:
          name: ${{ github.workflow }}-${{ matrix.arch }}
          path: ./**/youtubeUnblock*.tar.xz
--- a/.github/workflows/build-ci.yml
+++ b/.github/workflows/build-ci.yml
@@ -0,0 +1,287 @@
 name: CI
 on:
  push:
    branches:
      - main
    paths-ignore:
      - '.editorconfig'
      - '.gitignore'
      - 'LICENSE'
      - 'README.md'
  workflow_dispatch:
 jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.gh.outputs.version }}
      sha: ${{ steps.gh.outputs.sha }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: 'openwrt'
      - name: GH
        id: gh
        env:
          REPO: ${{ github.repository }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          echo "version=$(cat youtubeUnblock/Makefile | grep PKG_VERSION | sed 's/PKG_VERSION:=//')" >> $GITHUB_OUTPUT
          if [[ "${{ github.event_name }}" != "pull_request" ]]; then
            echo "sha=$(echo ${GITHUB_SHA::7})" >> $GITHUB_OUTPUT
          else
            echo "sha=$(gh api repos/$REPO/commits/main --jq '.sha[:7]')" >> $GITHUB_OUTPUT
          fi
  build-static:
    needs: prepare
    name: build ${{ matrix.arch }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # arch: [x86_64, x86, aarch64, armhf, armv7, ppc64le, s390x]
        arch: [x86_64, x86, aarch64, armhf]
        branch: [latest-stable]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up ccache
        uses: actions/cache@v4
        with:
          path: ${{ github.workspace }}/.ccache
          key: ccache-${{ matrix.arch }}-${{ github.run_id }}
          restore-keys: ccache-${{ matrix.arch }}-
      - name: Set up Alpine Linux for ${{ matrix.arch }}
        uses: jirutka/setup-alpine@v1
        with:
          arch: ${{ matrix.arch }}
          branch: ${{ matrix.branch }}
          packages: >
            bash build-base ccache coreutils findutils gawk git grep tar wget xz
            autoconf automake libtool pkgconf linux-headers
          shell-name: alpine.sh
      - name: Build inside chroot
        id: build
        env:
          ARCH: ${{ matrix.arch }}
          CCACHE_DIR: ${{ github.workspace }}/.ccache
          VERSION: ${{ needs.prepare.outputs.version }}
          SHA: ${{ needs.prepare.outputs.sha }}
        shell: alpine.sh {0}
        run: |
          case $ARCH in
            x86_64)  PLATFORM=x86_64 ;;
            x86)     PLATFORM=x86 ;;
            aarch64) PLATFORM=arm64 ;;
            armhf)   PLATFORM=arm ;;
            *)       PLATFORM=$ARCH ;;
          esac
          make -j$(nproc) CC="ccache gcc -static-libgcc -static" || exit 1
          strip -s build/youtubeUnblock
          rm -rf youtubeUnblock || true
          mkdir youtubeUnblock
          cp build/youtubeUnblock youtubeUnblock
          cp youtubeUnblock.service youtubeUnblock
          cp README.md youtubeUnblock
          tar -czvf youtubeUnblock-$VERSION-$SHA-$PLATFORM-static.tar.gz youtubeUnblock
          ccache --show-stats
      - name: Upload artifacts
        if: steps.build.outcome == 'success'
        uses: actions/upload-artifact@v4
        with:
          name: static-${{ matrix.arch }}
          path: ./**/youtubeUnblock*.tar.gz
  build-openwrt:
    needs: prepare
    runs-on: ubuntu-latest
    strategy:
      matrix:
        branch:
          - openwrt-23.05
        arch:
          - aarch64_cortex-a53
          - aarch64_cortex-a72
          - aarch64_generic
          - arm_arm1176jzf-s_vfp
          - arm_arm926ej-s
          - arm_cortex-a15_neon-vfpv4
          - arm_cortex-a5_vfpv4
          - arm_cortex-a7
          - arm_cortex-a7_neon-vfpv4
          - arm_cortex-a7_vfpv4
          - arm_cortex-a8_vfpv3
          - arm_cortex-a9
          - arm_cortex-a9_neon
          - arm_cortex-a9_vfpv3-d16
          - arm_fa526
          - arm_mpcore
          - arm_xscale
          - mips64_octeonplus
          - mips_24kc
          - mips_4kec
          - mips_mips32
          - mipsel_24kc
          - mipsel_24kc_24kf
          - mipsel_74kc
          - mipsel_mips32
          - x86_64
    container:
      image: openwrt/sdk:${{ matrix.arch }}-${{ matrix.branch }}
      options: --user root
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: 'openwrt'
      - name: Prepare build
        env:
          VERSION: ${{ needs.prepare.outputs.version }}
          SHA: ${{ needs.prepare.outputs.sha }}
        run: |
          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$SHA/" youtubeUnblock/Makefile
      - name: Build packages
        id: build
        env:
          VERSION: ${{ needs.prepare.outputs.version }}
          SHA: ${{ needs.prepare.outputs.sha }}
        working-directory: /builder
        run: |
          echo "src-link youtubeUnblock $GITHUB_WORKSPACE" >> feeds.conf
          cat feeds.conf
          ./scripts/feeds update youtubeUnblock
          ./scripts/feeds install -a -p youtubeUnblock
          make defconfig
          make package/youtubeUnblock/compile V=s
          mv $(find ./bin -type f -name 'youtubeUnblock*.ipk') ./youtubeUnblock-$VERSION-$SHA-${{ matrix.arch }}-${{ matrix.branch }}.ipk
      - name: Upload packages
        if: steps.build.outcome == 'success'
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.branch }}-${{ matrix.arch }}
          path: /builder/youtubeUnblock*.ipk
          if-no-files-found: error
  build-entware:
    needs: prepare
    runs-on: ubuntu-latest
    strategy:
      matrix:
        arch:
          - aarch64-3.10
          - armv7-3.2
          - mips-3.4
          - mipsel-3.4
          - x64-3.2
    steps:
      - name: Set up Entware docker container
        run: |
          git clone --depth 1 https://github.com/Entware/docker.git
          docker build docker --pull --tag builder
          docker volume create entware-home
      - name: Restore Entware from cache
        id: cache-restore
        uses: actions/cache/restore@v4
        with:
          path: ~/entware
          key: entware-${{ matrix.arch }}
      - name: Load Entware from cache
        if: steps.cache-restore.outputs.cache-hit == 'true'
        run: |
          docker run --rm --mount source=entware-home,target=/backup_vol -v ~/entware:/backup ubuntu tar -xf /backup/entware.tar -C /backup_vol
          docker run --rm --mount source=entware-home,target=/home/me -w /home/me ubuntu bash -c 'cp -r ./backup_vol/* ./'
          docker run --rm --mount source=entware-home,target=/home/me -w /home/me ubuntu bash -c 'chown -R 1000:1000 ./* ./'
      - name: Build Entware
        if: steps.cache-restore.outputs.cache-hit != 'true'
        run: |
          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me --name builder builder git clone --depth 1 https://github.com/Entware/Entware.git
          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me/Entware --name builder builder make package/symlinks
          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me/Entware --name builder builder cp -v configs/${{ matrix.arch }}.config .config
          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me/Entware --name builder builder make -j$(nproc) toolchain/install
          docker run --rm --mount source=entware-home,target=/backup_vol -v ~/entware:/backup ubuntu tar -cf /backup/entware.tar /backup_vol
      - name: Save Entware to cache
        if: steps.cache-restore.outputs.cache-hit != 'true'
        id: cache-save
        uses: actions/cache/save@v4
        with:
          path: ~/entware
          key: entware-${{ matrix.arch }}
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: 'entware'
      - name: Prepare build
        env:
          VERSION: ${{ needs.prepare.outputs.version }}
          SHA: ${{ needs.prepare.outputs.sha }}
        run: |
          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$SHA/" youtubeUnblock/Makefile
      - name: Build packages
        id: build
        run: |
          echo "src-link youtubeUnblock /youtubeUnblock" | docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder tee -a feeds.conf
          docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder ./scripts/feeds update youtubeUnblock
          docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder ./scripts/feeds install -a -p youtubeUnblock
          echo "CONFIG_PACKAGE_youtubeUnblock=m" | docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder tee -a .config
          docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder make package/youtubeUnblock/compile V=s
      - name: Extract packages
        if: steps.build.outcome == 'success'
        shell: bash
        env:
          VERSION: ${{ needs.prepare.outputs.version }}
          SHA: ${{ needs.prepare.outputs.sha }}
        run: |
          mkdir output
          docker run --rm --user root -i --mount source=entware-home,target=/home/me -v $(pwd):/target -w /home/me/Entware --name builder builder find ./bin -type f -name 'youtubeUnblock*.ipk' -exec cp -v {} /target/output \;
          rm -rf youtubeUnblock || true
          mkdir youtubeUnblock
          bash -c "cp -r ./output/* youtubeUnblock"
          tar -czvf youtubeUnblock-$VERSION-$SHA-${{ matrix.arch }}-entware.tar.gz youtubeUnblock
      - name: Upload packages
        if: steps.build.outcome == 'success'
        uses: actions/upload-artifact@v4
        with:
          name: entware-${{ matrix.arch }}
          path: ./**/youtubeUnblock*-entware.tar.gz
          if-no-files-found: error
  pre-release:
    if: github.event_name != 'pull_request' && github.ref_name == 'main'
    needs: [build-static, build-openwrt, build-entware]
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4
      - name: Upload assets
        uses: slord399/action-automatic-releases@v1.0.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          automatic_release_tag: 'continuous'
          prerelease: true
          title: 'Development build'
          files: |
            ./**/youtubeUnblock*.ipk
            ./**/youtubeUnblock*.tar.gz
--- a/.github/workflows/build-entware.yml
+++ b/.github/workflows/build-entware.yml
@@ -1,99 +0,0 @@
 name: Entware Workflow
 on:
  push:
    branches: 
      - main
 jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.build.outputs.version }}
    strategy:
      matrix:
        branch: [entware]
        arch:
          - aarch64-3.10
          - armv7-3.2
          - mips-3.4
          - mipsel-3.4
          - x64-3.2
    steps:
      - name: Entware docker container
        run: |
          git clone https://github.com/Entware/docker.git
          docker build docker --pull --tag builder
          docker volume create entware-home
      - name: Get cache dir
        id: cache_dir
        run: |
          mkdir gh_act_cache
          echo "cache_dir=$(pwd)/gh_act_cache" >> ${GITHUB_OUTPUT}
      - name: Restore cached build
        id: cache-build-restore
        uses: actions/cache/restore@v4
        with: 
          path: ${{ steps.cache_dir.outputs.cache_dir }}
          key: ${{ matrix.arch }}-cache
      - name: Load entware from cache
        if: steps.cache-build-restore.outputs.cache-hit == 'true'
        run: |
          docker run --rm --mount source=entware-home,target=/backup_vol -v ${{ steps.cache_dir.outputs.cache_dir }}:/backup ubuntu tar -xf /backup/entware.tar -C /backup_vol
          docker run --rm --mount source=entware-home,target=/home/me -w /home/me ubuntu bash -c "cp -r ./backup_vol/* ./"
          docker run --rm --mount source=entware-home,target=/home/me -w /home/me ubuntu bash -c "chown -R 1000:1000 ./* ./"
      - name: Build entware
        if: steps.cache-build-restore.outputs.cache-hit != 'true'
        run: |
          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me --name builder builder git clone https://github.com/Entware/Entware.git
          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me/Entware --name builder builder make package/symlinks
          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me/Entware --name builder builder cp -v configs/${{ matrix.arch }}.config .config
          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me/Entware --name builder builder make -j$(nproc) toolchain/install
          docker run --rm --mount source=entware-home,target=/backup_vol -v ${{ steps.cache_dir.outputs.cache_dir }}:/backup ubuntu tar -cf /backup/entware.tar /backup_vol/
      - name: Save cache build
        if: steps.cache-build-restore.outputs.cache-hit != 'true'
        id: cache-build-save
        uses: actions/cache/save@v4
        with:
          path: ${{ steps.cache_dir.outputs.cache_dir }}
          key: ${{ matrix.arch }}-cache
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: 'openwrt'
      - name: Prepare workflow
        shell: bash
        run: |
          sed -i 's/PKG_REV:=.*$/PKG_REV:=${{ github.sha }}/;s/PKG_VERSION:=.*$/PKG_VERSION:=$(date %Y%m%d)/' youtubeUnblock/Makefile
      - name: Build packages
        id: build
        shell: bash
        run: |
          echo "src-link youtubeUnblock /youtubeUnblock" | docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder tee -a feeds.conf
          docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder ./scripts/feeds update youtubeUnblock
          docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder ./scripts/feeds install -a -p youtubeUnblock
          echo "CONFIG_PACKAGE_youtubeUnblock=m" | docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder tee -a .config
          docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder make package/youtubeUnblock/compile V=s
      - name: Extract packages
        if: steps.build.outcome == 'success'
        run: |
          mkdir output
          docker run --rm --user root -i --mount source=entware-home,target=/home/me -v $(pwd):/target -w /home/me/Entware --name builder builder cp -r bin /target/output/
      - name: Upload packages
        if: steps.build.outcome == 'success'
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.arch }}-${{ matrix.branch }}          
          path: ./output/**/*
          if-no-files-found: error
--- a/.github/workflows/build-openwrt.yml
+++ b/.github/workflows/build-openwrt.yml
@@ -1,79 +0,0 @@
 name: OpenWRT Workflow
 on:
  push:
    branches:
      - main
 jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.build.outputs.version }}
    strategy:
      matrix:
        branch: 
          - openwrt-23.05
        arch:
          - aarch64_cortex-a53
          - aarch64_cortex-a72
          - aarch64_generic
          - arm_arm1176jzf-s_vfp
          - arm_arm926ej-s
          - arm_cortex-a15_neon-vfpv4
          - arm_cortex-a5_vfpv4
          - arm_cortex-a7
          - arm_cortex-a7_neon-vfpv4
          - arm_cortex-a7_vfpv4
          - arm_cortex-a8_vfpv3
          - arm_cortex-a9
          - arm_cortex-a9_neon
          - arm_cortex-a9_vfpv3-d16
          - arm_fa526
          - arm_mpcore
          - armsr-armv8
          - armsr-armv7
          - mips64_octeonplus
          - mips_24kc
          - mips_4kec
          - mips_mips32
          - mipsel_24kc
          - mipsel_24kc_24kf
          - mipsel_74kc
          - mipsel_mips32
          - ramips-mt76x8
          - ramips-mt7621
          - x86_64
    container:
      image: openwrt/sdk:${{ matrix.arch }}-${{ matrix.branch }}
      options: --user root
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: 'openwrt'
      - name: Prepare workflow
        shell: bash
        run: |
          sed -i 's/PKG_REV:=.*$/PKG_REV:=${{ github.sha }}/;s/PKG_VERSION:=.*$/PKG_VERSION:=$(date %Y%m%d)/' youtubeUnblock/Makefile
      - name: Build packages
        id: build
        working-directory: /builder
        shell: bash
        run: |
          echo "src-link youtubeUnblock $GITHUB_WORKSPACE" >> feeds.conf
          su - buildbot -c 'cat feeds.conf'
          su - buildbot -c './scripts/feeds update youtubeUnblock'
          su - buildbot -c './scripts/feeds install -a -p youtubeUnblock'
          su - buildbot -c 'make defconfig'
          su - buildbot -c 'make package/youtubeUnblock/compile V=s BUILD_LOG=1'
      - name: Upload packages
        if: steps.build.outcome == 'success'
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.arch }}-${{ matrix.branch }}          
          path: /builder/**/youtubeUnblock*.ipk
          if-no-files-found: error
--- a/9
+++ b/9
@@ -9,6 +9,11 @@ $(KMAKE_TARGETS):
 	@$(MAKE) -f kmake.mk $@
 clean:
-	-@$(MAKE) -f kmake.mk kclean
+	-@$(MAKE) -f uspace.mk clean
 	@$(MAKE) -f uspace.mk clean
 distclean: clean
 	-@$(MAKE) -f uspace.mk distclean
 kclean:
 	-@$(MAKE) -f kmake.mk kclean
--- a/README.md
+++ b/README.md
@@ -1,121 +1,299 @@
 - [youtubeUnblock](#youtubeunblock)
  - [Configuration](#configuration)
    - [OpenWRT pre configuration](#openwrt-pre-configuration)
    - [Entware](#entware)
    - [PC configuration](#pc-configuration)
    - [Firewall configuration](#firewall-configuration)
      - [nftables rules](#nftables-rules)
      - [Iptables rules](#iptables-rules)
    - [IPv6](#ipv6)
  - [Check it](#check-it)
  - [Flags](#flags)
  - [Troubleshooting](#troubleshooting)
    - [TV](#tv)
    - [Troubleshooting EPERMS (Operation not permitted)](#troubleshooting-eperms-operation-not-permitted)
  - [How it works:](#how-it-works)
  - [How it processes packets](#how-it-processes-packets)
  - [Compilation](#compilation)
  - [OpenWRT case](#openwrt-case)
    - [Building OpenWRT .ipk package](#building-openwrt-ipk-package)
    - [Building with toolchain](#building-with-toolchain)
 # youtubeUnblock
 Bypasses Googlevideo detection systems that relies on SNI. The package is for Linux only. The package is fully compatible with routers running OpenWRT. 
-The program offers binaries via [Github Actions](https://github.com/Waujito/youtubeUnblock/actions). You can find [packages for OpenWRT under this link](https://github.com/Waujito/youtubeUnblock/actions/workflows/build-openwrt.yml). You can check the architecture of your device with command `grep ARCH /etc/openwrt_release`. Also [static binaries for PCs are available here](https://github.com/Waujito/youtubeUnblock/actions/workflows/build-alpine.yml). 
+Bypasses Deep Packet Inspection (DPI) systems that relies on SNI. The package is for Linux only. It is also fully compatible with routers running [OpenWRT](https://github.com/openwrt). 
-The program is also compatible with routers driven by [Entware](https://github.com/Entware/Entware) (Keenetics/some Asuses). You can find binaries [here](https://github.com/Waujito/youtubeUnblock/actions/workflows/build-entware.yml). And [here is an installation guide](https://help.keenetic.com/hc/ru/articles/360021214160-%D0%A3%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0-%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D1%8B-%D0%BF%D0%B0%D0%BA%D0%B5%D1%82%D0%BE%D0%B2-%D1%80%D0%B5%D0%BF%D0%BE%D0%B7%D0%B8%D1%82%D0%BE%D1%80%D0%B8%D1%8F-Entware-%D0%BD%D0%B0-USB-%D0%BD%D0%B0%D0%BA%D0%BE%D0%BF%D0%B8%D1%82%D0%B5%D0%BB%D1%8C). Install the package with opkg. If you got read-only filesystem error you may unpack the binary manually or specify opkg path `opkg -o <destdir>`.
+The program was primarily developed to bypass YouTube Outage in Russia.
-For Windows use [GoodbyeDPI from ValdikSS](https://github.com/ValdikSS/GoodbyeDPI) (you can find how to use it for YouTube [here](https://github.com/ValdikSS/GoodbyeDPI/issues/378)) The same behavior is also implemented in [zapret package for linux](https://github.com/bol-van/zapret).
+The program is compatible with routers based on OpenWRT, Entware(Keenetic/ASUS) and host machines. The program offers binaries via Github Actions. The binaries of main branch are published in the [development pre-release](https://github.com/Waujito/youtubeUnblock/releases/tag/continuous). Check out [Github Actions](https://github.com/Waujito/youtubeUnblock/actions/workflows/build-ci.yml) if you want to see all the binaries compiled ever. You should know the arcitecture of your hardware to use binaries. On OpenWRT you can check it with command `grep ARCH /etc/openwrt_release`.
 On both OpenWRT and Entware install the program with opkg. If you got read-only filesystem error you may unpack the binary manually or specify opkg path `opkg -o <destdir>`.
 For Windows use [GoodbyeDPI by ValdikSS](https://github.com/ValdikSS/GoodbyeDPI) (you can find how to use it for YouTube [here](https://github.com/ValdikSS/GoodbyeDPI/issues/378)) The same behavior is also implemented in [zapret package for linux](https://github.com/bol-van/zapret).
 ## Configuration
 ### OpenWRT pre configuration
 When you got the packet, you should install it. Go to your router interface and put it in via System-Software-install_package. Now the package is on the router. Goto System-Startup, restart firewall and start youtubeUnblock. You are done! To make it work you should register an iptables rule and install required kernel modules. The list of modules depends on your the version of OpenWRT and which firewall do you use (iptables or nftables). The common dependency id `kmod-nfnetlink-queue` but it is provided as dependency for another firewall packets. 
-So, if you are on iptables you should install: `kmod-ipt-nfqueue`, `iptables-mod-nfqueue`, `kmod-ipt-conntrack-extra`, `iptables-mod-conntrack-extra` and of course iptables user-space app should be available.
+When you got the release package, you should install it. Go to your router interface and put it in via *System-Software-install_package* menu. Go to *System-Startup* menu, restart firewall and start **youtubeUnblock**. 
 On nftables the dependencies are: `kmod-nft-queue` and `kmod-nf-conntrack`.
-Next step is to add required rules. For nftables on OpenWRT rules comes out-of-the-box and stored under /usr/share/nftables.d/ruleset-post/537-youtubeUnblock.nft. All you need is install requirements and do `/etc/init.d/firewall reload`. If no, go to Firewall configuration.
+To make it work you should register an iptables rule and install required kernel modules. The list of modules depends on the version of OpenWRT and which firewall do you use (iptables or nftables). 
 The common dependency is
 ```text
 kmod-nfnetlink-queue
 ``` 
 but it is provided as dependency for another firewall packages. 
 So, if you are on **iptables** you should install: 
 ```text
 kmod-ipt-nfqueue
 iptables-mod-nfqueue
 kmod-ipt-conntrack-extra
 iptables-mod-conntrack-extra
 ```
 and of course, iptables user-space app should be available.
 On **nftables** the dependencies are: 
 ```text
 kmod-nft-queue
 kmod-nf-conntrack
 ```
 Next step is to add required firewall rules. 
 For nftables on OpenWRT rules comes out-of-the-box and stored under `/usr/share/nftables.d/ruleset-post/537-youtubeUnblock.nft`. All you need is install requirements and do `/etc/init.d/firewall reload`. If no, go to [Firewall configuration](#firewall-configuration).
 Now we are ready to demonize the application.
 Now we are ready to daemonize the application.
 If you installed package from Github Actions or built it yourself with OpenWRT SDK, rc scripts are preinstalled. All you need is to do `/etc/init.d/youtubeUnblock start`.
-Else copy `owrt/youtubeUnblock.owrt` to `/etc/init.d/youtubeUnblock` and put the program into /usr/bin/. (Don't forget to `chmod +x` both). Now run `/etc/init.d/youtubeUnblock start`. 
+Elsewhere copy `owrt/youtubeUnblock.owrt` to `/etc/init.d/youtubeUnblock` and put the program's binary into /usr/bin/. (Don't forget to `chmod +x` both). Now run `/etc/init.d/youtubeUnblock start`. 
-You can also run `/etc/init.d/youtubeUnblock enable` to force OpenWRT autostart the program on boot, but I don't recommend this since if the packet has bug you may lose access to the router (I think you will be able to reset it with reset settings tricks documented for your router). 
+You can also run `/etc/init.d/youtubeUnblock enable` to force OpenWRT autostart on boot, but I don't recommend this since if the package has bugs you may lose access to the router (I think you will be able to reset it with reset settings tricks documented for your router). 
 ### Entware
 For Entware on Keenetic here is an [installation guide (russian)](https://help.keenetic.com/hc/ru/articles/360021214160-%D0%A3%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0-%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D1%8B-%D0%BF%D0%B0%D0%BA%D0%B5%D1%82%D0%BE%D0%B2-%D1%80%D0%B5%D0%BF%D0%BE%D0%B7%D0%B8%D1%82%D0%BE%D1%80%D0%B8%D1%8F-Entware-%D0%BD%D0%B0-USB-%D0%BD%D0%B0%D0%BA%D0%BE%D0%BF%D0%B8%D1%82%D0%B5%D0%BB%D1%8C). Note that if your Entware router is missing netfilter queue kernel modules, here is no way to deal with it since Entware does not offer kernel modules. 
 Install the binary with `opkg install youtubeUnblock-*.ipk`. After installation, the binary in /opt/bin and the init script in /opt/etc/init.d/S51youtubeUnblock will be available. To run the youtubeUnblock, simply run `/opt/etc/init.d/S51youtubeUnblock start`
 ### PC configuration
-On local host make sure to change FORWARD to OUTPUT chain in the Firewall rulesets.
+On local host make sure to change **FORWARD** to **OUTPUT** chain in the following Firewall rulesets.
 Copy `youtubeUnblock.service` to `/usr/lib/systemd/system` (you should change the path inside the file to the program position, for example `/usr/bin/youtubeUnblock`, also you may want to delete default iptables rule addition in systemd file to controll it manually). And run `systemctl start youtubeUnblock`.
 ### Firewall configuration
 #### nftables rules
 On nftables you should put next nftables rules:
-`nft add rule inet fw4 mangle_forward tcp dport 443 ct original "packets < 20" counter queue num 537 bypass`
+```sh
-`nft insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept`
+nft add rule inet fw4 mangle_forward tcp dport 443 ct original "packets < 20" counter queue num 537 bypass
 nft insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept
 ```
 #### Iptables rules
 On iptables you should put next iptables rules:
-`iptables -t mangle -A FORWARD -p tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass`
+```sh
-`iptables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT`
+iptables -t mangle -A FORWARD -p tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass
 iptables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT
 ```
-Note that above rules use conntrack to route only first 20 packets from the connection to youtubeUnblock. 
+#### IPv6
 If you got some troubles with it, for example youtubeUnblock doesn't detect youtube, try to delete connbytes from rules. But it is an unlikely behavior and you should probably check your ruleset.
-You can use `--queue-balance` with multiple instances of youtubeUnblock for performance. This behavior is supported via multithreading. Just pass --threads=n where n stands for an amount of threads you want to be enabled. The n defaults to 1. The maximum threads defaults to 16 but may be altered programatically. Note, that if you are about to increase it, here is 100% chance that you are on the wrong way.
+For IPv6 on iptables you need to duplicate rules above for ip6tables:
 ```sh
 ip6tables -t mangle -A FORWARD -p tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass
 ip6tables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT
 ```
-Also DNS over HTTPS (DOH) is preferred for additional anonimity. 
+
 Note that above rules use *conntrack* to route only first 20 packets from the connection to **youtubeUnblock**. 
 If you got some troubles with it, for example **youtubeUnblock** doesn't detect YouTube, try to delete *connbytes* from the rules. But it is an unlikely behavior and you should probably check your ruleset.
 You can use `--queue-balance` with multiple instances of **youtubeUnblock** for performance. This behavior is supported via multithreading. Just pass `--threads=n` where n stands for an number of threads you want to be enabled. The n defaults to **1**. The maximum threads defaults to **16** but may be altered programmatically. Note, that if you are about to increase it, here is 100% chance that you are on the wrong way.
 Also [DNS over HTTPS](https://github.com/curl/curl/wiki/DNS-over-HTTPS) is preferred for additional anonymity. 
 ## Check it
-Here is a command aims to help you deterime whether it works or no:
+
-```
+Here is the command to test whether it working or not:
 ```sh
 curl -o/dev/null -k --connect-to ::google.com -k -L -H Host:\ mirror.gcr.io https://test.googlevideo.com/v2/cimg/android/blobs/sha256:6fd8bdac3da660bde7bd0b6f2b6a46e1b686afb74b9a4614def32532b73f5eaa
 ```
-It should return bad speed without youtubeUnblock and good with it. With youtubeUnblock the speed should be the same as with next the command:
+It should return low speed without **youtubeUnblock** and faster with it. With **youtubeUnblock** the speed should be the same as fast with the next command:
-```
+```sh
 curl -o/dev/null -k --connect-to ::google.com -k -L -H Host:\ mirror.gcr.io https://mirror.gcr.io/v2/cimg/android/blobs/sha256:6fd8bdac3da660bde7bd0b6f2b6a46e1b686afb74b9a4614def32532b73f5eaa
 ```
 ## Flags
 Put flags to the **BINARY**, not an init script. If you are on OpenWRT you should put the flags inside the script: open `/etc/init.d/youtubeUnblock` with any text editor, like vi or nano and put your flags after `procd_set_param command /usr/bin/youtubeUnblock` line.
 Available flags:
- `--queue-num=<number of netfilter queue>` - The number of netfilter queue youtubeUnblock will be linked to. Defaults to 537.
+
- `--sni-domains=<comma separated domain list>|all` - List of domains you want to be handled by sni. Use this string if you want to change default domains. Defaults to `googlevideo.com,youtube.com,ggpht.com,ytimg.com`. You can pass all if you want for every Client Hello to be handled.
+- `--sni-domains=<comma separated domain list>|all` List of domains you want to be handled by SNI. Use this string if you want to change default domain list. Defaults to `googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,googleapis.com,googleusercontent.com,gstatic.com,l.google.com`. You can pass **all** if you want for every *ClientHello* to be handled.
- `--fake-sni={0|1}` This flag enables fake-sni which forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. This flag may be related to some Operation not permitted error messages, so befor open an issue refer to Troubleshooting for EPERMS. Defaults to 1.
+
- `--fake-sni-seq-len=<length>` This flag specifies youtubeUnblock to build a complicated construction of fake client hello packets. length determines how much fakes will be sent. Defaults to 1.
+- `--queue-num=<number of netfilter queue>` The number of netfilter queue **youtubeUnblock** will be linked to. Defaults to **537**.
- `--faking-strategy={ack,ttl}` This flag determines the strategy of fake packets invalidation. `ack` specifies that random sequence/acknowledgemend random will be set. This options may be handled by provider which uses conntrack with drop on invalid conntrack state firewall rule enabled. `ttl` specifies that packet will be invalidated after `--faking-ttl=n` hops. `ttl` is better but may cause issues if unconfigured. Defaults to `ack`
+
- `--faking-ttl=<ttl>` Tunes the time to live of fake sni messages. TTL is specified like that the packet will go through the TSPU and captured by it, but will not reach the destination server. Defaults to 8.
+- `--fake-sni={0|1}` This flag enables fake-sni which forces **youtubeUnblock** to send at least three packets instead of one with TLS *ClientHello*: Fake *ClientHello*, 1st part of original *ClientHello*, 2nd part of original *ClientHello*. This flag may be related to some Operation not permitted error messages, so before open an issue refer to [Troubleshooting for EPERMS](#troubleshooting-eperms-operation-not-permitted). Defaults to **1**.
- `--frag={tcp,ip,none}` Specifies the fragmentation strategy for the packet. tcp is used by default. Ip fragmentation may be blocked by TSPU. None specifies no fragmentation. Probably this won't work, but may be will work for some fake sni strategies.
+
- `--frag-sni-reverse={0|1}` Specifies youtubeUnblock to send Client Hello fragments in the reverse order. Defaults to 1.
+- `--fake-sni-seq-len=<length>` This flag specifies **youtubeUnblock** to build a complicated construction of fake client hello packets. length determines how much fakes will be sent. Defaults to **1**.
- `--frag-sni-faked={0|1}` Specifies youtubeUnblock to send fake packets near Client Hello (fills payload with zeroes). Defaults to 0.
+
 - `--faking-strategy={randseq|ttl|tcp_check|pastseq}` This flag determines the strategy of fake packets invalidation. Defaults to `randseq`
  - `randseq` specifies that random sequence/acknowledgemend random will be set. This option may be handled by provider which uses *conntrack* with drop on invalid *conntrack* state firewall rule enabled. 
  - `ttl` specifies that packet will be invalidated after `--faking-ttl=n` hops. `ttl` is better but may cause issues if unconfigured. 
  - `pastseq` is like `randseq` but sequence number is not random but references the packet sent in the past (before current).
  - `tcp_check` will invalidate faking packet with invalid checksum. May be handled and dropped by some providers/TSPUs.
 - `--faking-ttl=<ttl>` Tunes the time to live (TTL) of fake SNI messages. TTL is specified like that the packet will go through the DPI system and captured by it, but will not reach the destination server. Defaults to **8**.
 - `--fake-seq-offset` Tunes the offset from original sequence number for fake packets. Used by randseq faking strategy. Defaults to 10000. If 0, random sequence number will be set.
 - `--frag={tcp,ip,none}` Specifies the fragmentation strategy for the packet. tcp is used by default. Ip fragmentation may be blocked by DPI system. None specifies no fragmentation. Probably this won't work, but may be will work for some fake sni strategies.
 - `--frag-sni-reverse={0|1}` Specifies **youtubeUnblock** to send *ClientHello* fragments in the reverse order. Defaults to **1**.
 - `--frag-sni-faked={0|1}` Specifies **youtubeUnblock** to send fake packets near *ClientHello* (fills payload with zeroes). Defaults to **0**.
 - `--frag-middle-sni={0|1}` With this options **youtubeUnblock** will split the packet in the middle of SNI data. Defaults to 1.
 - `--frag-sni-pos=<pos>` With this option **youtubeUnblock** will split the packet at the position pos. Defaults to 1.
 - `--quic-drop` Drop all QUIC packets which goes to youtubeUnblock. Won't affect any other UDP packets. Suitable for some TVs. Note, that for this option to work you should also add proxy udp to youtubeUnblock in firewall. `connbytes` may also be used with udp.
 - `--fk-winsize=<winsize>` Specifies window size for the fragmented TCP packet. Applicable if you want for response to be fragmented. May slowdown connection initialization.
- `--seg2delay=<delay>` - This flag forces youtubeUnblock to wait little bit before send the 2nd part of the split packet.
+
- `--silent` - Disables verbose mode.
+- `--synfake={1|0}` If 1, syn payload will be sent before each request. The idea is taken from syndata from zapret project. Syn payload will normally be discarded by endpoint but may be handled by TSPU. This option sends normal fake in that payload. Please note, that the option works for all the sites, so --sni-domains won't change anything.
 - `--synfake-len=<len>` The fake packet sent in synfake may be too large. If you experience issues, lower up synfake-len. where len stands for how much bytes should be sent as syndata. Pass 0 if you want to send an entire fake packet. Defaults to 0
 - `--sni-detection={parse|brute}` Specifies how to detect SNI. Parse will normally detect it by parsing the Client Hello message. Brute will go through the entire message and check possibility of SNI occurrence. Please note, that when `--sni-domains` option is not all brute will be O(nm) time complexity where n stands for length of the message and m is number of domains. Defaults to parse.
 - `--seg2delay=<delay>` This flag forces **youtubeUnblock** to wait a little bit before send the 2nd part of the split packet.
 - `--silent` Disables verbose mode.
 - `--trace` Maximum verbosity for debugging purposes.
 - `--no-gso` Disables support for Google Chrome fat packets which uses GSO. This feature is well tested now, so this flag probably won't fix anything.
- `--threads=<threads number>` Specifies the amount of threads you want to be running for your program. This defaults to 1 and shouldn't be edited for normal use. If you have performance issues, consult [performance chaptr](https://github.com/Waujito/youtubeUnblock?tab=readme-ov-file#performance)
+
 - `--no-ipv6` Disables support for ipv6. May be useful if you don't want for ipv6 socket to be opened.
 - `--threads=<threads number>` Specifies the amount of threads you want to be running for your program. This defaults to **1** and shouldn't be edited for normal use. If you have performance issues, consult [performance chaptr](https://github.com/Waujito/youtubeUnblock?tab=readme-ov-file#performance)
 - `--packet-mark=<mark>` Use this option if youtubeUnblock conflicts with other systems rely on packet mark. Note that you may want to change accept rule for iptables to follow the mark.
 ## Troubleshooting
 If you have troubles with some sites being proxied, you can play with flags. For example, for someone `--fake-sni=ttl` works. You should specify proper `--fake-sni-ttl=<ttl value>` where ttl is amount of hops between you and DPI.
-If you are on Chromium you may have to disable kyber (the feature that makes the TLS ClientHello very fat). I've got the problem with it on router, so to escape possibly errors it is better to just disable it: in chrome://flags search for kyber and switch it to disabled state. 
+If you got troubles with some sites and you sure that they are blocked by SNI (youtube for example), use may play around with [flags](#flags) and their combinations. At first it is recommended to try `--faking-strategy` flag and `--frag-sni-faked=1`.
-If your browser is using quic it may not work properly. Disable it in chrome in chrome://flags and in Firefox network.http.http{2,3}.enable(d) in about:config
+If you have troubles with some sites being proxied, you can play with flags values. For example, for someone `--faking-strategy=ttl` works. You should specify proper `--fake-sni-ttl=<ttl value>` where ttl is the amount of hops between you and DPI.
 If you are on Chromium you may have to disable *kyber* (the feature that makes the TLS *ClientHello* very big). I've got the problem with it on router, so to escape possible errors, so it is better to disable it: in `chrome://flags` search for kyber and switch it to disabled state. Alternatively you may set `--sni-detection=brute` and probably adjust `--sni-domains` flag.
 If your browser is using QUIC it may not work properly. Disable it in Chrome in `chrome://flags` and in Firefox `network.http.http{2,3}.enable(d)` in `about:config` option.
 ### TV
 Televisions are the biggest headache. 
 In [this issue](https://github.com/Waujito/youtubeUnblock/issues/59) the problem has been resolved. 
 If you have troubles with televisions try `--faking-strategy=ttl` flag and play around with `--faking-ttl=n`. See [#flags](#flags) for more details. Also you might be have to disable QUIC. To do it you may use `--quic-drop` [flag](#flags) with proper firewall configuration (check description of the flag). Note, that this flag won't disable gQUIC and some TVs may relay on it. To disable gQUIC you will need to block the entire 443 port for udp in firewall configuration:
 For **nftables** do
 ```
 nft insert rule inet fw4 forward ip saddr 192.168.. udp dport 443 counter drop
 ```
 For **iptables**
 ```
 iptables -I OUTPUT --src 192.168.. -p udp --dport 443 -j DROP
 ```
 Where you have to replace 192.168.. with ip of your television.
 ### Troubleshooting EPERMS (Operation not permitted)
-EPERM may occur in a lot of places but generally here are two: mnl_cb_run and when sending the packet via rawsocket (raw_frags_send and send fake sni).
+
- mnl_cb_run Operation not permitted indicates that another instance of youtubeUnblock is running on the specified queue-num.
+*EPERM* may occur in a lot of places but generally here are two: *mnl_cb_run* and when sending the packet via *rawsocket* (raw_frags_send and send fake sni).
- rawsocket Operation not permitted indicates that the packet is being dropped by nefilter rules. In fact this is a hint from the kernel that something wrong is going on and we should check the firewall rules. Before dive into the problem let's make it clean how the mangled packets are being sent. Nefilter queue provides us with the ability to mangle the packet on fly but that is not suitable for this program because we need to split the packet to at least two independent packets. So we are using [linux raw sockets](https://man7.org/linux/man-pages/man7/raw.7.html) which allows us to send any ipv4 packet. **The packet goes from the OUTPUT chain even when NFQUEUE is set up on FORWARD (suitable for OpenWRT).** So we need to escape packet rejects here.
+
 - **mnl_cb_run** *Operation not permitted* indicates that another instance of youtubeUnblock is running on the specified queue-num.
 - **rawsocket** *Operation not permitted* indicates that the packet is being dropped by nefilter rules. In fact this is a hint from the kernel that something wrong is going on and we should check the firewall rules. Before dive into the problem let's make it clean how the mangled packets are being sent. Nefilter queue provides us with the ability to mangle the packet on fly but that is not suitable for this program because we need to split the packet to at least two independent packets. So we are using [linux raw sockets](https://man7.org/linux/man-pages/man7/raw.7.html) which allows us to send any ipv4 packet. **The packet goes from the OUTPUT chain even when NFQUEUE is set up on FORWARD (suitable for OpenWRT).** So we need to escape packet rejects here.
    * raw_frags_send EPERM: just make sure outgoing traffic is allowed (RELATED,ESTABLISHED should work, if not, go to step 3)
    * send fake sni EPERM: Fake SNI is out-of-state thing and will likely corrupt the connection (the behavior is expected). conntrack considers it as an invalid packet. By default OpenWRT set up to drop outgoing packets like this one. You may delete nftables/iptables rule that drops packets with invalid conntrack state, but I don't recommend to do this. The step 3 is better solution.
    * Step 3, ultimate solution. Use mark (don't confuse with connmark). The youtubeUnblock uses mark internally to avoid infinity packet loops (when the packet is sent by youtubeUnblock but on next step handled by itself). Currently it uses mark (1 << 15) = 32768. You should put iptables/nftables that ultimately accepts such marks at the very start of the filter OUTPUT chain: `iptables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT` or `nft insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept`.
 ## How it works:
 Lets look from the DPIses side of view: All they have is ip and tcp information, higher-level data is encrypted. So from the IP header only IP address might be helpful for them. In tcp here is basically nothing. So they may handle IP addresses and process it. What's wrong? Google servers are on the way: It is very hard to handle all that infrastracture. One server may host multiple websites and it is very bad if them block, say Google Search trying to block googlevideo. But even if googlevideo servers have their own ip for only googlevideo purposes, here is a problem about how large is Google infrastracture and how much servers are here. The DPIs can't even parse normally all the servers, because each video may live on it's cache server. So what's else? Let's take a look at a TLS level. All information here is encrypted. All... Except hello messages! They are used to initialize handshake connections and hold tons of helpful information. If we talk about TLS v1.3, it is optimized to transfer as less information as possible unencrypted. But here is only one thing that may point us which domain the user wants to connect, the SNI extension. It transfers all domain names unencrypted. Exactly what we need! And DPIs may use this thing to detect google video connections and slow down them (In fact they are corrupting a tcp connection with bad packets).
-So we aims to somehow hide the SNI from them. How?
+Let's look from the DPI systems side of view: All of they have an ip and tcp information, higher-level data is encrypted. So from the IP header only IP address might be helpful for them to limit user traffic. In TCP here is basically nothing. So they may handle IP addresses and process it. 
- We can alter the SNI name in the tls packet to something else. But what's wrong with this? The server also uses SNI name for certificates. And if we change it, the server will return an invalid certificate which browser can't normally process, which may turn out to the MITM problem.
+
- We can encrypt it. Here are a lot of investigations about SNI, but the server should support the technique. Also ISPs may block encrypted SNI. [Check this Wikipedia page](https://en.wikipedia.org/wiki/Server_Name_Indication)
+What's wrong? Google servers are on the way: It is very hard to handle all that infrastructure. One server may host multiple websites and it is very bad if them blocks, for example, Google Search while trying to block YouTube (googlevideo). But even if YouTube servers have their own IP for only googlevideo purposes, here is a problem about how large is Google infrastracture and how much servers in it. The DPI systems can't even parse normally all the servers, because each video may live on its cache server [GGC](https://support.google.com/interconnect/answer/9058809?hl=en).
- So what else can we do with the SNI info? If we can't hide it, let's rely on DPIs weak spots. The DPI is an extremly high loaded machine that analyzes every single packet sent to the Internet. And every performance-impacted feature should be avoided for them. One of this features is IP packet fragmentation. We can split the packet in the middle of SNI message and post it. For DPI fragmentation involves too much overhead: they should store a very big mapping table which maps IP id, Source ip and Destination ip. Also note that some packets may be lost and DPI should support auto-clean of that table. So just imagine how much memory and CPU time will this cost for DPI. But fragments are ok for clients and hosts. And that's the base idea behind this package. I have to mention here that the idea isn't mine, I get in here after some research for this side. Here already was a solution for Windows, GoodbyeDPI. I just made an alternative for Linux.
+
 So what's else? Let's take a look at a TLS level. All information here is encrypted. All... Except *ClientHello* messages! They are used to initialize handshake connections and hold tons of helpful information. If we talk about TLS version 1.3, it is optimized to transfer as less information as possible unencrypted. But here is only one thing that may point us which domain the user wants to connect, the SNI extension. It transfers all domain names unencrypted in plain text. Exactly what we need! And DPI systems may use this text to detect YouTube connections and slow down or reject them (In fact they are corrupting a TCP connection with bad packets).
 So we aim to somehow hide the SNI from them. How?
 - We can alter the SNI name in the tls packet to something else. But what's wrong with this? The server also uses SNI name for certificates (CN=). And if we change it, the server will return an invalid certificate which browser can't normally process, which may turn out to the MITM problem.
 - We can encrypt it. Here are a lot of investigations about SNI, but the server should support this technique. Also ISPs may block [encrypted SNI](https://en.wikipedia.org/wiki/Server_Name_Indication).
 - So what else can we do with the SNI info? If we can't hide it, let's rely on DPI systems weak spots. The DPI is an extremely high loaded infrastructure that analyzes every single packet sent to the Internet. And every performance-impacted feature should be avoided for them. One of this features is IP packet fragmentation. We can split the packet in the middle of SNI message and post it. For DPI fragmentation involves too much overhead: they should store a very big mapping table which maps IP id, Source ip and Destination ip. Also note that some packets may be lost and DPI should support auto-clean of that table. So just imagine how much memory and CPU time will this cost for DPI. But fragments are ok for clients and hosts. And that's the base idea behind this package. I have to mention here that the idea isn't mine, I get in here after some research for this side. Here already was a solution for Windows, GoodbyeDPI. I just made an alternative for Linux.
 You may read further in an [yt-dlp issue page](https://github.com/yt-dlp/yt-dlp/issues/10443) and in [ntc party forum](https://ntc.party/t/%D0%BE%D0%B1%D1%81%D1%83%D0%B6%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5-%D0%B7%D0%B0%D0%BC%D0%B5%D0%B4%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5-youtube-%D0%B2-%D1%80%D0%BE%D1%81%D1%81%D0%B8%D0%B8/8074).
 ## How it processes packets
-When the packet is joining the queue, the application checks sni payload to be googlevideo (right how the DPIs do), segmentates/fragmentates (both TCP and IP fragmentation techniques are supported) and posts the packet. Note that it is impossible to post two fragmented packets from one netfilter queue verdict. Instead, the application drops an original packet and makes another linux raw socket to post the packets in the network. To escape infinity loops the socket marks outgoing packets and the application automatically accepts it.
+
 When the packet is joining the queue, the application checks SNI payload to be YouTube(googlevideo) (right how the DPI systems do), segmentate/fragmentates (both TCP and IP fragmentation techniques are supported) and posts the packet. Note that it is impossible to post two fragmented packets from one netfilter queue verdict. Instead, the application drops an original packet and makes another linux raw socket to post the packets in the network. To escape infinity loops the socket marks outgoing packets and the application automatically accepts it.
 ## Compilation
 Before compilation make sure `gcc`, `make`, `autoconf`, `automake`, `pkg-config` and `libtool` is installed. For Fedora `glibc-static` should be installed as well.
-Compile with `make`. Install with `make install`. The package include libnetfilter_queue, libnfnetlink and libmnl as static dependencies. The package requires linux-headers and kernel built with netfilter nfqueue support.
+
 Compile with `make`. Install with `make install`. The package include `libnetfilter_queue`, `libnfnetlink` and `libmnl` as static dependencies. The package requires `linux-headers` and kernel built with netfilter nfqueue support.
 ## OpenWRT case
 The package is also compatible with routers. The router should be running by linux-based system such as [OpenWRT](https://openwrt.org/).
-You can build under openwrt with two options: first - through the SDK, which is preferred way and second is cross-compile manually with openwrt toolchain.
+
 You can build under OpenWRT with two options: first - through the SDK, which is preferred way and second is cross-compile manually with OpenWRT toolchain.
 ### Building OpenWRT .ipk package
 OpenWRT provides a high-level SDK for the package builds. 
-First step is to download or compile OpenWRT SDK for your specific platform. The SDK can be compiled according to [this tutorial](https://openwrt.org/docs/guide-developer/toolchain/using_the_sdk). Beside of raw source code of SDK, OpenWRT also offers precompiled SDKs for your router. You can find it on the router page. For example, I have ramips/mt76x8 based router so for me the sdk is on https://downloads.openwrt.org/releases/23.05.3/targets/ramips/mt76x8/ and called `openwrt-sdk-23.05.3-ramips-mt76x8_gcc-12.3.0_musl.Linux-x86_64`. You will need to [install sdk requirements on your system](https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem) If you have any problems, use docker ubuntu:24.04 image. Make sure to be a non-root user since some makesystem fails with it. Next, untar the SDK and cd into it. Do `echo "src-git youtubeUnblock https://github.com/Waujito/youtubeUnblock.git;openwrt" >> feeds.conf`, `./scripts/feeds update youtubeUnblock`, `./scripts/feeds install -a -p youtubeUnblock`, `make package/youtubeUnblock/compile`. Now the packet is built and you can import it to the router. Find it in `bin/packages/<target>/youtubeUnblock/youtubeUnblock-<version>.ipk`. 
+
 First step is to download or compile OpenWRT SDK for your specific platform. The SDK can be compiled according to [this tutorial](https://openwrt.org/docs/guide-developer/toolchain/using_the_sdk). 
 Beside of raw source code of SDK, OpenWRT also offers precompiled SDKs for your router. You can find it on the router page. For example, I have ramips/mt76x8 based router so for me the sdk is on https://downloads.openwrt.org/releases/23.05.3/targets/ramips/mt76x8/ and called `openwrt-sdk-23.05.3-ramips-mt76x8_gcc-12.3.0_musl.Linux-x86_64`. 
 You will need to [install sdk requirements on your system](https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem) If you have any problems, use docker ubuntu:24.04 image. Make sure to be a non-root user since some makesystem fails with it. Next, untar the SDK and cd into it. 
 Do 
 ```sh
 echo "src-git youtubeUnblock https://github.com/Waujito/youtubeUnblock.git;openwrt" >> feeds.conf
 ./scripts/feeds update youtubeUnblock
 ./scripts/feeds install -a -p youtubeUnblock
 make package/youtubeUnblock/compile 
 ```
 Now the packet is built and you can import it to the router. Find it in `bin/packages/<target>/youtubeUnblock/youtubeUnblock-<version>.ipk`. 
 ### Building with toolchain
-The precompiled toolchain located near the SDK. For me it is called `openwrt-toolchain-23.05.3-ramips-mt76x8_gcc-12.3.0_musl.Linux-x86_64.tar.xz`. When you download the toolchain, untar it somewhere. Now we are ready for compilation. My cross gcc asked me to create a staging dir for it and pass it as an environment variable. Also you should notice toolsuite packages and replace my make command with yours. ```STAGING_DIR=temp make CC=/usr/bin/mipsel-openwrt-linux-gcc LD=/usr/bin/mipsel-openwrt-linux-ld AR=/usr/bin/mipsel-openwrt-linux-ar OBJDUMP=/usr/bin/mipsel-openwrt-linux-objdump NM=/usr/bin/mipsel-openwrt-linux-nm STRIP=/usr/bin/mipsel-openwrt-linux-strip CROSS_COMPILE_PLATFORM=mipsel-buildroot-linux-gnu```. Take a look at `CROSS_COMPILE_PLATFORM` It is required by autotools but I think it is not necessary. Anyways I put `mipsel-buildroot-linux-gnu` in here. For your model may be an [automake cross-compile manual](https://www.gnu.org/software/automake/manual/html_node/Cross_002dCompilation.html) will be helpful. When compilation is done, the binary file will be in build directory. Copy it to your router. Note that an ssh access is likely to be required to proceed. sshfs don't work on my model so I injected the application to the router via Software Upload Package page. It has given me an error, but also a `/tmp/upload.ipk` file which I copied in root directory, `chmod +x`-ed and run.
+
 The precompiled toolchain located near the SDK. For example it is called `openwrt-toolchain-23.05.3-ramips-mt76x8_gcc-12.3.0_musl.Linux-x86_64.tar.xz`. When you download the toolchain, untar it somewhere. Now we are ready for compilation. My cross gcc asked me to create a staging dir for it and pass it as an environment variable. Also you should notice toolsuite packages and replace my make command with yours. 
 ```
 STAGING_DIR=temp make CC=/usr/bin/mipsel-openwrt-linux-gcc LD=/usr/bin/mipsel-openwrt-linux-ld AR=/usr/bin/mipsel-openwrt-linux-ar OBJDUMP=/usr/bin/mipsel-openwrt-linux-objdump NM=/usr/bin/mipsel-openwrt-linux-nm STRIP=/usr/bin/mipsel-openwrt-linux-strip CROSS_COMPILE_PLATFORM=mipsel-buildroot-linux-gnu
 ```
 Take a look at `CROSS_COMPILE_PLATFORM` It is required by autotools but I think it is not necessary. Anyways I put `mipsel-buildroot-linux-gnu` in here. For your router model name maybe an [automake cross-compile manual](https://www.gnu.org/software/automake/manual/html_node/Cross_002dCompilation.html) will be helpful. 
 When compilation is done, the binary file will be in build directory. Copy it to your router. Note that a ssh access is likely to be required to proceed. *sshfs* don't work on my model so I injected the application to the router via *Software Upload Package* page. It has given me an error, but also a `/tmp/upload.ipk` file which I copied in root directory, `chmod +x` it and run.
-
+ >If you have any questions/suggestions/problems feel free to open an [issue](https://github.com/Waujito/youtubeUnblock/issues).
 ## If you have any questions/suggestions/problems feel free to open an issue.
--- a/args.c
+++ b/args.c
@@ -18,6 +18,15 @@ struct config_t config = {
 	.faking_ttl = FAKE_TTL,
 	.fake_sni = 1,
 	.fake_sni_seq_len = 1,
 	.frag_middle_sni = 1,
 	.frag_sni_pos = 1,
 	.use_ipv6 = 1,
 	.fakeseq_offset = 10000,
 	.mark = DEFAULT_RAWSOCKET_MARK,
 	.synfake = 0,
 	.synfake_len = 0,
 	.sni_detection = SNI_DETECTION_PARSE,
 #ifdef SEG2_DELAY
 	.seg2_delay = SEG2_DELAY,
@@ -32,16 +41,17 @@ struct config_t config = {
 #endif
 #ifdef DEBUG
-	.verbose = true,
+	.verbose = 1,
 #else
-	.verbose = false,
+	.verbose = 0,
 #endif
 	.domains_str = defaul_snistr,
 	.domains_strlen = sizeof(defaul_snistr),
 	.queue_start_num = DEFAULT_QUEUE_NUM,
-	.fake_sni_pkt = fake_sni,
+	.fake_sni_pkt = fake_sni_old,
-	.fake_sni_pkt_sz = sizeof(fake_sni) - 1, // - 1 for null-terminator
+	.fake_sni_pkt_sz = sizeof(fake_sni_old) - 1, // - 1 for null-terminator
 };
 #define OPT_SNI_DOMAINS		1
@@ -52,32 +62,52 @@ struct config_t config = {
 #define OPT_FRAG    		4
 #define OPT_FRAG_SNI_REVERSE	12
 #define OPT_FRAG_SNI_FAKED	13
 #define OPT_FRAG_MIDDLE_SNI	18
 #define OPT_FRAG_SNI_POS	19
 #define OPT_FK_WINSIZE		14
 #define OPT_TRACE		15
 #define OPT_QUIC_DROP		16
 #define OPT_SNI_DETECTION	17
 #define OPT_NO_IPV6		20
 #define OPT_FAKE_SEQ_OFFSET	21
 #define OPT_PACKET_MARK 	22
 #define OPT_SYNFAKE	 	23
 #define OPT_SYNFAKE_LEN	 	24
 #define OPT_SEG2DELAY 		5
 #define OPT_THREADS 		6
 #define OPT_SILENT 		7
 #define OPT_NO_GSO 		8
 #define OPT_QUEUE_NUM		9
-#define OPT_MAX OPT_FRAG_SNI_FAKED
+#define OPT_MAX OPT_SYNFAKE_LEN
 static struct option long_opt[] = {
 	{"help",		0, 0, 'h'},
 	{"version",		0, 0, 'v'},
 	{"sni-domains",		1, 0, OPT_SNI_DOMAINS},
 	{"fake-sni",		1, 0, OPT_FAKE_SNI},
 	{"synfake",		1, 0, OPT_SYNFAKE},
 	{"synfake-len",		1, 0, OPT_SYNFAKE_LEN},
 	{"fake-sni-seq-len",	1, 0, OPT_FAKE_SNI_SEQ_LEN},
 	{"faking-strategy",	1, 0, OPT_FAKING_STRATEGY},
 	{"fake-seq-offset",	1, 0, OPT_FAKE_SEQ_OFFSET},
 	{"faking-ttl",		1, 0, OPT_FAKING_TTL},
 	{"frag",		1, 0, OPT_FRAG},
 	{"frag-sni-reverse",	1, 0, OPT_FRAG_SNI_REVERSE},
 	{"frag-sni-faked",	1, 0, OPT_FRAG_SNI_FAKED},
 	{"frag-middle-sni",	1, 0, OPT_FRAG_MIDDLE_SNI},
 	{"frag-sni-pos",	1, 0, OPT_FRAG_SNI_POS},
 	{"fk-winsize",		1, 0, OPT_FK_WINSIZE},
 	{"quic-drop",		0, 0, OPT_QUIC_DROP},
 	{"sni-detection",	1, 0, OPT_SNI_DETECTION},
 	{"seg2delay",		1, 0, OPT_SEG2DELAY},
 	{"threads",		1, 0, OPT_THREADS},
 	{"silent",		0, 0, OPT_SILENT},
 	{"trace",		0, 0, OPT_TRACE},
 	{"no-gso",		0, 0, OPT_NO_GSO},
 	{"no-ipv6",		0, 0, OPT_NO_IPV6},
 	{"queue-num",		1, 0, OPT_QUEUE_NUM},
 	{"packet-mark",		1, 0, OPT_PACKET_MARK},
 	{0,0,0,0}
 };
@@ -114,16 +144,26 @@ void print_usage(const char *argv0) {
 	printf("\t--sni-domains=<comma separated domain list>|all\n");
 	printf("\t--fake-sni={1|0}\n");
 	printf("\t--fake-sni-seq-len=<length>\n");
 	printf("\t--fake-seq-offset=<offset>\n");
 	printf("\t--faking-ttl=<ttl>\n");
-	printf("\t--faking-strategy={ack,ttl}\n");
+	printf("\t--faking-strategy={randseq|ttl|tcp_check|pastseq}\n");
 	printf("\t--synfake={1|0}\n");
 	printf("\t--synfake-len=<len>\n");
 	printf("\t--frag={tcp,ip,none}\n");
 	printf("\t--frag-sni-reverse={0|1}\n");
 	printf("\t--frag-sni-faked={0|1}\n");
 	printf("\t--frag-middle-sni={0|1}\n");
 	printf("\t--frag-sni-pos=<pos>\n");
 	printf("\t--fk-winsize=<winsize>\n");
 	printf("\t--quic-drop\n");
 	printf("\t--sni-detection={parse|brute}\n");
 	printf("\t--seg2delay=<delay>\n");
 	printf("\t--threads=<threads number>\n");
 	printf("\t--packet-mark=<mark>\n");
 	printf("\t--silent\n");
 	printf("\t--trace\n");
 	printf("\t--no-gso\n");
 	printf("\t--no-ipv6\n");
 	printf("\n");
 }
@@ -134,155 +174,217 @@ int parse_args(int argc, char *argv[]) {
 	while ((opt = getopt_long(argc, argv, "hv", long_opt, &optIdx)) != -1) {
 		switch (opt) {
-			case 'h':
+		case 'h':
-				print_usage(argv[0]);
+			print_usage(argv[0]);
-				goto out;
+			goto stop_exec;
-			case 'v':
+		case 'v':
-				print_version();
+			print_version();
-				goto out;
+			goto stop_exec;
-			case OPT_SILENT:
+		case OPT_TRACE:
-				config.verbose = 0;
+			config.verbose = 2;
-				break;
+			break;
-			case OPT_NO_GSO:
+		case OPT_SILENT:
-				config.use_gso = 0;
+			config.verbose = 0;
-				break;
+			break;
-			case OPT_SNI_DOMAINS:
+		case OPT_NO_GSO:
-				if (!strcmp(optarg, "all")) {
+			config.use_gso = 0;
-					config.all_domains = 1;
+			break;
-				}
+		case OPT_NO_IPV6:
 			config.use_ipv6 = 0;
 			break;
 		case OPT_QUIC_DROP:
 			config.quic_drop = 1;
 			break;
 		case OPT_SNI_DOMAINS:
 			if (!strcmp(optarg, "all")) {
 				config.all_domains = 1;
 			}
-				config.domains_str = optarg;
+			config.domains_str = optarg;
-				config.domains_strlen = strlen(config.domains_str);
+			config.domains_strlen = strlen(config.domains_str);
 			break;
 		case OPT_SNI_DETECTION:
 			if (strcmp(optarg, "parse") == 0) {
 				config.sni_detection = SNI_DETECTION_PARSE;
 			} else if (strcmp(optarg, "brute") == 0) {
 				config.sni_detection = SNI_DETECTION_BRUTE;
 			} else {
 				goto invalid_opt;
 			}
-				break;
+			break;
-			case OPT_FRAG:
+		case OPT_FRAG:
-				if (strcmp(optarg, "tcp") == 0) {
+			if (strcmp(optarg, "tcp") == 0) {
-					config.fragmentation_strategy = FRAG_STRAT_TCP;
+				config.fragmentation_strategy = FRAG_STRAT_TCP;
-				} else if (strcmp(optarg, "ip") == 0) {
+			} else if (strcmp(optarg, "ip") == 0) {
-					config.fragmentation_strategy = FRAG_STRAT_IP;
+				config.fragmentation_strategy = FRAG_STRAT_IP;
-				} else if (strcmp(optarg, "none") == 0) {
+			} else if (strcmp(optarg, "none") == 0) {
-					config.fragmentation_strategy = FRAG_STRAT_NONE;
+				config.fragmentation_strategy = FRAG_STRAT_NONE;
-				} else {
+			} else {
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+				goto invalid_opt;
-					goto error;
+			}
 				}
-				break;
+			break;
-			case OPT_FRAG_SNI_FAKED:
+		case OPT_FRAG_SNI_FAKED:
-				if (strcmp(optarg, "1") == 0) {
+			if (strcmp(optarg, "1") == 0) {
-					config.frag_sni_faked = 1;				
+				config.frag_sni_faked = 1;
-				} else if (strcmp(optarg, "0") == 0) {
+			} else if (strcmp(optarg, "0") == 0) {
-					config.frag_sni_faked = 0;
+				config.frag_sni_faked = 0;
-				} else {
+			} else {
-					errno = EINVAL;
+				goto invalid_opt;
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+			}
 					goto error;
 				}
-				break;
+			break;
-			case OPT_FRAG_SNI_REVERSE:
+		case OPT_FRAG_SNI_REVERSE:
-				if (strcmp(optarg, "1") == 0) {
+			if (strcmp(optarg, "1") == 0) {
-					config.frag_sni_reverse = 1;				
+				config.frag_sni_reverse = 1;
-				} else if (strcmp(optarg, "0") == 0) {
+			} else if (strcmp(optarg, "0") == 0) {
-					config.frag_sni_reverse = 0;
+				config.frag_sni_reverse = 0;
-				} else {
+			} else {
-					errno = EINVAL;
+				goto invalid_opt;
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+			}
 					goto error;
 				}
-				break;
+			break;
-			case OPT_FAKING_STRATEGY:
+		case OPT_FRAG_MIDDLE_SNI:
-				if (strcmp(optarg, "ack") == 0) {
+			if (strcmp(optarg, "1") == 0) {
-					config.faking_strategy = FAKE_STRAT_ACK_SEQ;
+				config.frag_middle_sni = 1;
-				} else if (strcmp(optarg, "ttl") == 0) {
+			} else if (strcmp(optarg, "0") == 0) {
-					config.faking_strategy = FAKE_STRAT_TTL;
+				config.frag_middle_sni = 0;
-				} else {
+			} else {
-					errno = EINVAL;
+				goto invalid_opt;
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+			}
 					goto error;
 				}
-				break;
+			break;
-			case OPT_FAKING_TTL:
+		case OPT_FRAG_SNI_POS:
-				num = parse_numeric_option(optarg);
+			num = parse_numeric_option(optarg);
-				if (errno != 0 || num < 0 || num > 255) {
+			if (errno != 0 || num < 0) {
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+				goto invalid_opt;
-					goto error;
+			}
 				}
-				config.faking_ttl = num;
+			config.frag_sni_pos = num;
-				break;
+			break;
 		case OPT_FAKING_STRATEGY:
 			if (strcmp(optarg, "randseq") == 0) {
 				config.faking_strategy = FAKE_STRAT_RAND_SEQ;
 			} else if (strcmp(optarg, "ttl") == 0) {
 				config.faking_strategy = FAKE_STRAT_TTL;
 			} else if (strcmp(optarg, "tcp_check") == 0) {
 				config.faking_strategy = FAKE_STRAT_TCP_CHECK;
 			} else if (strcmp(optarg, "pastseq") == 0) {
 				config.faking_strategy = FAKE_STRAT_PAST_SEQ;
 			} else {
 				goto invalid_opt;
 			}
-			case OPT_FAKE_SNI:
+			break;
-				if (strcmp(optarg, "1") == 0) {
+		case OPT_FAKING_TTL:
-					config.fake_sni = 1;				
+			num = parse_numeric_option(optarg);
-				} else if (strcmp(optarg, "0") == 0) {
+			if (errno != 0 || num < 0 || num > 255) {
-					config.fake_sni = 0;
+				goto invalid_opt;
-				} else {
+			}
 					errno = EINVAL;
 					printf("Invalid option %s\n", long_opt[optIdx].name);
 					goto error;
 				}
-				break;
+			config.faking_ttl = num;
-			case OPT_FAKE_SNI_SEQ_LEN:
+			break;
-				num = parse_numeric_option(optarg);
+		case OPT_FAKE_SEQ_OFFSET:
-				if (errno != 0 || num < 0 || num > 255) {
+			num = parse_numeric_option(optarg);
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+			if (errno != 0 || num < 0) {
-					goto error;
+				goto invalid_opt;
-				}
+			}
-				config.fake_sni_seq_len = num;
+			config.fakeseq_offset = num;
-				break;
+			break;
-			case OPT_FK_WINSIZE:
+		case OPT_FAKE_SNI:
-				num = parse_numeric_option(optarg);
+			if (strcmp(optarg, "1") == 0) {
-				if (errno != 0 || num < 0) {
+				config.fake_sni = 1;				
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+			} else if (strcmp(optarg, "0") == 0) {
-					goto error;
+				config.fake_sni = 0;
-				}
+			} else {
 				goto invalid_opt;
 			}
-				config.fk_winsize = num;
+			break;
-				break;
+		case OPT_FAKE_SNI_SEQ_LEN:
-			case OPT_SEG2DELAY:
+			num = parse_numeric_option(optarg);
-				num = parse_numeric_option(optarg);
+			if (errno != 0 || num < 0 || num > 255) {
-				if (errno != 0 || num < 0) {
+				goto invalid_opt;
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+			}
 					goto error;
 				}
-				config.seg2_delay = num;
+			config.fake_sni_seq_len = num;
-				break;
+			break;
-			case OPT_THREADS:
+		case OPT_FK_WINSIZE:
-				num = parse_numeric_option(optarg);
+			num = parse_numeric_option(optarg);
-				if (errno != 0 || num < 0 || num > MAX_THREADS) {
+			if (errno != 0 || num < 0) {
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+				goto invalid_opt;
-					goto error;
+			}
 				}
-				config.threads = num;
+			config.fk_winsize = num;
-				break;
+			break;
-			case OPT_QUEUE_NUM:
+		case OPT_SYNFAKE:
-				num = parse_numeric_option(optarg);
+			if (strcmp(optarg, "1") == 0) {
-				if (errno != 0 || num < 0) {
+				config.synfake = 1;
-					printf("Invalid option %s\n", long_opt[optIdx].name);
+			} else if (strcmp(optarg, "0") == 0) {
-					goto error;
+				config.synfake = 0;
-				}
+			} else {
 				goto invalid_opt;
 			}
-				config.queue_start_num = num;
+			break;
-				break;
+		case OPT_SYNFAKE_LEN:
-			default:
+			num = parse_numeric_option(optarg);
-				goto error;
+			if (errno != 0 || num < 0) {
 				goto invalid_opt;
 			}
 			config.synfake_len = num;
 			break;
 		case OPT_SEG2DELAY:
 			num = parse_numeric_option(optarg);
 			if (errno != 0 || num < 0) {
 				goto invalid_opt;
 			}
 			config.seg2_delay = num;
 			break;
 		case OPT_THREADS:
 			num = parse_numeric_option(optarg);
 			if (errno != 0 || num < 0 || num > MAX_THREADS) {
 				goto invalid_opt;
 			}
 			config.threads = num;
 			break;
 		case OPT_QUEUE_NUM:
 			num = parse_numeric_option(optarg);
 			if (errno != 0 || num < 0) {
 				goto invalid_opt;
 			}
 			config.queue_start_num = num;
 			break;
 		case OPT_PACKET_MARK:
 			num = parse_numeric_option(optarg);
 			if (errno != 0 || num < 0) {
 				goto invalid_opt;
 			}
 			config.mark = num;
 			break;
 		default:
 			goto error;
 		}
 	}
 // out:
 	errno = 0;
 	return 0;
-out:
+stop_exec:
 	errno = 0;
 	return 1;
 invalid_opt:
 	printf("Invalid option %s\n", long_opt[optIdx].name);
 error:
 	print_usage(argv[0]);
 	errno = EINVAL;
@@ -328,8 +430,15 @@ void print_welcome() {
 		case FAKE_STRAT_TTL:
 			printf("TTL faking strategy will be used with TTL %d\n", config.faking_ttl);
 			break;
-		case FAKE_STRAT_ACK_SEQ:
+		case FAKE_STRAT_RAND_SEQ:
-			printf("Ack-Seq faking strategy will be used\n");
+			printf("Random seq faking strategy will be used\n");
 			printf("Fake seq offset set to %u\n", config.fakeseq_offset);
 			break;
 		case FAKE_STRAT_TCP_CHECK:
 			printf("TCP checksum faking strategy will be used\n");
 			break;
 		case FAKE_STRAT_PAST_SEQ:
 			printf("Past seq faking strategy will be used\n");
 			break;
 	}
@@ -337,12 +446,31 @@ void print_welcome() {
 		printf("Response TCP window will be set to %d with the appropriate scale\n", config.fk_winsize);
 	}
 	if (config.synfake) {
 		printf("Fake SYN payload will be sent with each TCP request SYN packet\n");
 	}
 	if (config.use_gso) {
 		printf("GSO is enabled\n");
 	}
 	if (config.use_ipv6) {
 		printf("IPv6 is enabled\n");
 	} else {
 		printf("IPv6 is disabled\n");
 	}
 	if (config.quic_drop) {
 		printf("All QUIC packets will be dropped\n");
 	}
 	if (config.sni_detection == SNI_DETECTION_BRUTE) {
 		printf("Server Name Extension will be parsed in the bruteforce mode\n");
 	}
 	if (config.all_domains) {
 		printf("All Client Hello will be targetted by youtubeUnblock!\n");
 	}
 }
--- a/config.h
+++ b/config.h
@@ -18,14 +18,24 @@ struct config_t {
 	unsigned int queue_start_num;
 	int threads;
 	int use_gso;
 	int use_ipv6;
 	int fragmentation_strategy;
 	int frag_sni_reverse;
 	int frag_sni_faked;
 	int faking_strategy;
 	int frag_middle_sni;
 	int frag_sni_pos;
 	unsigned char faking_ttl;
 	int fake_sni;
 	unsigned int fake_sni_seq_len;
 #define VERBOSE_INFO	0
 #define VERBOSE_DEBUG	1
 #define VERBOSE_TRACE	2
 	int verbose;
 	int quic_drop;
 #define SNI_DETECTION_PARSE 0
 #define SNI_DETECTION_BRUTE 1
 	int sni_detection;
 	/* In milliseconds */
 	unsigned int seg2_delay;
 	const char *domains_str;
@@ -34,6 +44,10 @@ struct config_t {
 	const char *fake_sni_pkt;
 	unsigned int fake_sni_pkt_sz;
 	unsigned int fk_winsize;
 	unsigned int fakeseq_offset;
 	unsigned int mark;
 	int synfake;
 	unsigned int synfake_len;
 };
 extern struct config_t config;
@@ -60,7 +74,7 @@ extern struct config_t config;
 #define FRAGMENTATION_STRATEGY FRAG_STRAT_TCP
 #endif
-#define RAWSOCKET_MARK (1 << 15)
+#define DEFAULT_RAWSOCKET_MARK (1 << 15)
 #ifdef USE_SEG2_DELAY
 #define SEG2_DELAY 100
@@ -69,14 +83,16 @@ extern struct config_t config;
 #define FAKE_TTL 8
 // Will invalidate fake packets by out-of-ack_seq out-of-seq request
-#define FAKE_STRAT_ACK_SEQ 1
+#define FAKE_STRAT_RAND_SEQ	1
 // Will assume that GGC server is located further than FAKE_TTL
 // Thus, Fake packet will be eliminated automatically.
-#define FAKE_STRAT_TTL 2
+#define FAKE_STRAT_TTL		2
 #define FAKE_STRAT_PAST_SEQ	3
 #define FAKE_STRAT_TCP_CHECK	4
 #ifndef FAKING_STRATEGY
-#define FAKING_STRATEGY FAKE_STRAT_ACK_SEQ
+#define FAKING_STRATEGY FAKE_STRAT_PAST_SEQ
 #endif
 #if !defined(SILENT) && !defined(KERNEL_SPACE)
@@ -85,7 +101,7 @@ extern struct config_t config;
 // The Maximum Transmission Unit size for rawsocket
 // Larger packets will be fragmented. Applicable for Chrome's kyber.
-#define AVAILABLE_MTU 1384
+#define AVAILABLE_MTU 1500
 #define DEFAULT_QUEUE_NUM 537
--- a/logging.h
+++ b/logging.h
@@ -0,0 +1,43 @@
 #ifndef LOGGING_H
 #define LOGGING_H
 #include "config.h"
 #define LOG_LEVEL (config.verbose)
 #ifdef KERNEL_SPACE
 #include <linux/printk.h>
 #define printf pr_info
 #define perror pr_err
 #define lgerror(msg, ret, ...) __extension__ ({		\
 	printf(msg ": %d\n", ##__VA_ARGS__, ret);	\
 })
 #else
 #include <stdio.h> // IWYU pragma: export
 #include <errno.h>
 #define lgerror(msg, ret, ...) __extension__ ({			\
 	errno = -(ret);						\
 	printf(msg ": %s\n", ##__VA_ARGS__, strerror(errno));	\
 })
 #endif /* PROGRAM_SPACE */
 #define lgdebug(msg, ...) \
 (LOG_LEVEL >= VERBOSE_DEBUG ? printf(msg, ##__VA_ARGS__) : 0)
 #define lgdebugmsg(msg, ...) lgdebug(msg "\n", ##__VA_ARGS__)
 #define lgtrace(msg, ...) \
 (LOG_LEVEL >= VERBOSE_TRACE ? printf(msg, ##__VA_ARGS__) : 0)
 #define lgtracemsg(msg, ...) lgtrace(msg "\n", __VA_ARGS__)
 #define lgtrace_start(msg, ...) \
 (LOG_LEVEL >= VERBOSE_TRACE ? printf("[TRACE] " msg " ( ", ##__VA_ARGS__) : 0)
 #define lgtrace_addp(msg, ...) \
 (LOG_LEVEL >= VERBOSE_TRACE ? printf(msg", ", ##__VA_ARGS__) : 0)
 #define lgtrace_end() \
 (LOG_LEVEL >= VERBOSE_TRACE ? printf(") \n") : 0)
 #endif /* LOGGING_H */
--- a/mangle.c
+++ b/mangle.c
--- a/mangle.h
+++ b/mangle.h
@@ -1,35 +1,7 @@
 #ifndef YU_MANGLE_H
 #define YU_MANGLE_H
-#ifdef KERNEL_SPACE
+#include "types.h"
 #include <linux/types.h>
 typedef __u8 uint8_t;
 typedef __u32 uint32_t;
 #include <linux/string.h>
 #include <linux/errno.h>
 #include <linux/stddef.h>
 #include <linux/net.h>
 #include <linux/in.h>
 #include <linux/ip.h>
 #include <linux/tcp.h>
 #include <asm/byteorder.h>
 /* from <netinet/ip.h> */
 #define	IP_RF 0x8000			/* reserved fragment flag */
 #define	IP_DF 0x4000			/* dont fragment flag */
 #define	IP_MF 0x2000			/* more fragments flag */
 #define	IP_OFFMASK 0x1fff		/* mask for fragmenting bits */
 #else
 #define USER_SPACE
 #include <stdint.h>
 #include <string.h>
 #include <errno.h>
 #include <arpa/inet.h>
 #include <netinet/ip.h>
 #include <netinet/tcp.h>
 #endif
 /**
 * Result of analyze_tls_data function
@@ -46,54 +18,19 @@ struct tls_verdict {
 */
 struct tls_verdict analyze_tls_data(const uint8_t *data, uint32_t dlen);
 /**
 * Splits the packet to two IP fragments on position payload_offset.
 * payload_offset indicates the position relatively to start of IP payload
 * (start of transport header)
 */
 int ip4_frag(const uint8_t *pkt, uint32_t pktlen, 
 			uint32_t payload_offset, 
 			uint8_t *frag1, uint32_t *f1len, 
 			uint8_t *frag2, uint32_t *f2len);
 /**
 * Splits the packet to two TCP segments on position payload_offset
 * payload_offset indicates the position relatively to start of TCP payload.
 */
 int tcp4_frag(const uint8_t *pkt, uint32_t pktlen, 
 			uint32_t payload_offset, 
 			uint8_t *seg1, uint32_t *s1len, 
 			uint8_t *seg2, uint32_t *s2len);
 /**
 * Splits the raw packet payload to ip header and ip payload.
 */
 int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len, 
 		       uint8_t **payload, uint32_t *plen);
 /**
 * Splits the raw packet payload to ip header, tcp header and tcp payload.
 */
 int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len,
 		       struct tcphdr **tcph, uint32_t *tcph_len,
 		       uint8_t **payload, uint32_t *plen);
 void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph);
 void ip4_set_checksum(struct iphdr *iph);
 /**
 * Generates fake client hello message
 */
-int gen_fake_sni(const struct iphdr *iph, const struct tcphdr *tcph, 
+int gen_fake_sni(const void *iph, uint32_t iph_len, 
 		 const struct tcphdr *tcph, uint32_t tcph_len, 
 		 uint8_t *buf, uint32_t *buflen);
 /**
 * Invalidates the raw packet. The function aims to invalid the packet
 * in such way as it will be accepted by DPI, but dropped by target server
 */
-int fail4_packet(uint8_t *payload, uint32_t plen);
+int fail_packet(uint8_t *payload, uint32_t plen);
 #define PKT_ACCEPT	0
 #define PKT_DROP	1
@@ -104,10 +41,24 @@ int fail4_packet(uint8_t *payload, uint32_t plen);
 */
 int process_packet(const uint8_t *packet, uint32_t packet_len);
 /**
 * Processe the TCP packet.
 * Returns verdict.
 */
 int process_tcp_packet(const uint8_t *raw_payload, uint32_t raw_payload_len);
 /**
 * Processes the UDP packet.
 * Returns verdict.
 */
 int process_udp4_packet(const uint8_t *pkt, uint32_t pktlen);
 /**
 * Sends fake client hello.
 */
-int post_fake_sni(const struct iphdr *iph, unsigned int iph_len, 
+int post_fake_sni(const void *iph, unsigned int iph_len, 
 		     const struct tcphdr *tcph, unsigned int tcph_len,
 		     unsigned char sequence_len);
@@ -116,7 +67,7 @@ int post_fake_sni(const struct iphdr *iph, unsigned int iph_len,
 * Poses are relative to start of TCP payload.
 * dvs used internally and should be zero.
 */
-int send_tcp4_frags(
+int send_tcp_frags(
 	const uint8_t *packet, uint32_t pktlen, 
 	const uint32_t *poses, uint32_t poses_len, uint32_t dvs);
--- a/owrt/537-youtubeUnblock.nft
+++ b/owrt/537-youtubeUnblock.nft
@@ -1,5 +1,5 @@
 #!/usr/sbin/nft -f
 # This file install nftables rules for openwrt
-insert rule inet fw4 mangle_forward tcp dport 443 ct original packets < 20 counter queue num 537 bypass
+add rule inet fw4 mangle_forward tcp dport 443 ct original packets < 20 counter queue num 537 bypass
 insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept
--- a/owrt/youtubeUnblock.owrt
+++ b/owrt/youtubeUnblock.owrt
@@ -4,6 +4,7 @@ USE_PROCD=1
 START=50
 STOP=50
 # Openwrt procd script: https://openwrt.org/docs/guide-developer/procd-init-script-example
 # The program should be put into /usr/bin/
 # This file should be put into /etc/init.d/
--- a/quic.c
+++ b/quic.c
@@ -0,0 +1,140 @@
 #include "quic.h"
 #include "logging.h"
 /**
 * Packet number.
 */
 struct quic_pnumber {
 	uint8_t d1;
 	uint8_t d2;
 	uint8_t d3;
 	uint8_t d4;
 };
 uint64_t quic_parse_varlength(uint8_t *variable, uint64_t *mlen) {
 	if (mlen && *mlen == 0) return 0;
 	uint64_t vr = (*variable & 0x3F);
 	uint8_t len = 1 << (*variable >> 6);
 	if (mlen) {
 		if (*mlen < len) return 0;
 		*mlen = len;
 	}
 	++variable;
 	for (uint8_t i = 1; i < len; i++) {
 		vr = (vr << 8) + *variable;
 		++variable;
 	}
 	return vr;
 }
 int quic_parse_data(uint8_t *raw_payload, uint32_t raw_payload_len,
 		struct quic_lhdr **qch, uint32_t *qch_len,
 		struct quic_cids *qci,
 		uint8_t **payload, uint32_t *plen) {
 	if (	raw_payload == NULL || 
 		raw_payload_len < sizeof(struct quic_lhdr)) 
 		goto invalid_packet;
 	struct quic_lhdr *nqch = (struct quic_lhdr *)raw_payload;
 	uint32_t left_len = raw_payload_len - sizeof(struct quic_lhdr);
 	uint8_t *cur_rawptr = raw_payload + sizeof(struct quic_lhdr);
 	if (!nqch->fixed) {
 		lgtrace_addp("quic fixed uset");
 		return -EPROTO;
 	}
 	uint8_t found = 0;
 	for (uint8_t i = 0; i < sizeof(supported_versions); i++) {
 		if (ntohl(nqch->version) == supported_versions[i]) {
 			found = 1;
 		}
 	}
 	if (!found) {
 		lgtrace_addp("quic version undefined %d", ntohl(nqch->version));
 		return -EPROTO;
 	}
 	lgtrace_addp("quic version valid %d", ntohl(nqch->version));
 	if (left_len < 2) goto invalid_packet;
 	struct quic_cids nqci = {0};
 	nqci.dst_len = *cur_rawptr++;
 	left_len--;
 	if (left_len < nqci.dst_len) goto invalid_packet;
 	nqci.dst_id = cur_rawptr;
 	cur_rawptr += nqci.dst_len;
 	left_len -= nqci.dst_len;
 	nqci.src_len = *cur_rawptr++;
 	left_len--;
 	if (left_len < nqci.src_len) goto invalid_packet;
 	nqci.src_id = cur_rawptr;
 	cur_rawptr += nqci.src_len;
 	left_len -= nqci.src_len;
 	if (qch) *qch = nqch;
 	if (qch_len) {
 		*qch_len = sizeof(struct quic_lhdr) + 
 			nqci.src_len + nqci.dst_len;
 	}
 	if (qci) *qci = nqci;
 	if (payload) *payload = cur_rawptr;
 	if (plen) *plen = left_len;
 	return 0;
 invalid_packet:
 	return -EINVAL;
 }
 int quic_parse_initial_message(uint8_t *inpayload, uint32_t inplen,
 			const struct quic_lhdr *qch, 
 			struct quici_hdr *qhdr,
 			uint8_t **payload, uint32_t *plen) {
 	if (inplen < 3) goto invalid_packet;
 	struct quici_hdr nqhdr;
 	uint8_t *cur_ptr = inpayload;
 	uint32_t left_len = inplen;
 	uint64_t tlen = left_len;
 	nqhdr.token_len = quic_parse_varlength(cur_ptr, &tlen);
 	nqhdr.token = cur_ptr + tlen;
 	if (left_len < nqhdr.token_len + tlen) 
 		goto invalid_packet;
 	cur_ptr += tlen + nqhdr.token_len;
 	left_len -= tlen + nqhdr.token_len;
 	tlen = left_len;
 	nqhdr.length = quic_parse_varlength(cur_ptr, &tlen);
 	if (left_len != nqhdr.length + tlen && 
 		left_len <= qch->number_length + 1)
 		goto invalid_packet;
 	uint32_t packet_number = 0;
 	for (uint8_t i = 0; i <= qch->number_length; i++) {
 		packet_number = (packet_number << 8) + *cur_ptr++;
 		left_len--;
 	}
 	nqhdr.packet_number = packet_number;
 	if (qhdr) *qhdr = nqhdr;
 	if (payload) *payload = cur_ptr;
 	if (plen) *plen = left_len;
 	return 0;
 invalid_packet:
 	lgerror("QUIC invalid Initial packet", -EINVAL);
 	return -EINVAL;
 }
--- a/quic.h
+++ b/quic.h
@@ -0,0 +1,128 @@
 #ifndef QUIC_H
 #define QUIC_H
 #include "types.h"
 /**
 * @macro
 *
 * :macro:`NGTCP2_INITIAL_SALT_V1` is a salt value which is used to
 * derive initial secret.  It is used for QUIC v1.
 */
 #define QUIC_INITIAL_SALT_V1 \
 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17\x9a\xe6\xa4\xc8\x0c\xad" \
 "\xcc\xbb\x7f\x0a"
 /**
 * @macro
 *
 * :macro:`NGTCP2_INITIAL_SALT_V2` is a salt value which is used to
 * derive initial secret.  It is used for QUIC v2.
 */
 #define QUIC_INITIAL_SALT_V2 \
 "\x0d\xed\xe3\xde\xf7\x00\xa6\xdb\x81\x93\x81\xbe\x6e\x26\x9d\xcb" \
 "\xf9\xbd\x2e\xd9"
 #define QUIC_INITIAL_TYPE	0
 #define QUIC_0_RTT_TYPE		1
 #define QUIC_HANDSHAKE_TYPE	2
 #define QUIC_RETRY_TYPE		3
 #define QUIC_INITIAL_TYPE_V1	0b00
 #define QUIC_0_RTT_TYPE_V1	0b01
 #define QUIC_HANDSHAKE_TYPE_V1	0b10
 #define QUIC_RETRY_TYPE_V1	0b11
 #define quic_convtype_v1(type) (type)
 #define QUIC_INITIAL_TYPE_V2	0b01
 #define QUIC_0_RTT_TYPE_V2	0b10
 #define QUIC_HANDSHAKE_TYPE_V2	0b11
 #define QUIC_RETRY_TYPE_V2	0b00
 #define quic_convtype_v2(type) (((type) + 1) & 0b11)
 #define QUIC_V1	1		// RFC 9000
 #define QUIC_V2	0x6b3343cf	// RFC 9369
 static const uint32_t supported_versions[] = {
 	QUIC_V1,
 	QUIC_V2,
 };
 /**
 * Quic Large Header
 */
 struct quic_lhdr {
 #if __BYTE_ORDER == __LITTLE_ENDIAN
 	uint8_t number_length:2;
 	uint8_t reserved:2;
 	uint8_t type:2;
 	uint8_t fixed:1;
 	uint8_t form:1;
 #elif __BYTE_ORDER == __BIG_ENDIAN
 	uint8_t form:1;
 	uint8_t fixed:1;
 	uint8_t type:2;
 	uint8_t reserved:2;
 	uint8_t number_length:2;
 #else
 #error "Undefined endian"
 #endif
 	uint32_t version;
 }__attribute__((packed));
 /**
 * Quic Large Header Ids 
 * (separated from the original header because of varying dst 
 */
 struct quic_cids {
 	uint8_t dst_len;
 	uint8_t *dst_id;
 	uint8_t src_len;
 	uint8_t *src_id;
 };
 /**
 * Parses QUIС raw data (UDP payload) to quic large header and 
 * quic payload.
 *
 * \qch_len is sizeof(qch) + qci->dst_len + qci->src_id
 * \payload is Type-Specific payload (#17.2).
 */
 int quic_parse_data(uint8_t *raw_payload, uint32_t raw_payload_len,
 		struct quic_lhdr **qch, uint32_t *qch_len,
 		struct quic_cids *qci,
 		uint8_t **payload, uint32_t *plen);
 /**
 * Parses QUIC variable-length integer. (#16)
 * \variable is a pointer to the sequence to be parsed
 * (varlen integer in big endian format)
 *
 * \mlen Used to signal about variable length and validate left length
 * in the buffer.
 */
 uint64_t quic_parse_varlength(uint8_t *variable, uint64_t *mlen);
 // quici stands for QUIC Initial
 /**
 * This structure should be parsed
 */
 struct quici_hdr {
 	uint64_t token_len;
 	uint8_t *token;
 	uint64_t length;
 	uint32_t packet_number;
 };
 /**
 * Parses QUIC initial payload.
 * \inpayload is a raw QUIC payload (payload after quic large header)
 */
 int quic_parse_initial_message(uint8_t *inpayload, uint32_t inplen,
 			const struct quic_lhdr *qch,
 			struct quici_hdr *qhdr,
 			uint8_t **payload, uint32_t *plen);
 #endif /* QUIC_H */
--- a/raw_replacements.h
+++ b/raw_replacements.h
@@ -5,4 +5,6 @@
 static const char fake_sni[] = "\026\003\001\002\000\001\000\001\374\003\003\323[\345\201f\362\200:B\356Uq\355X\315i\235*\021\367\331\272\a>\233\254\355\307/\342\372\265 \275\2459l&r\222\313\361\3729`\376\256\233\333O\001\373\33050\r\260f,\231\035  \324^\000>\023\002\023\003\023\001\300,\3000\000\237\314\251\314\250\314\252\300+\300/\000\236\300$\300(\000k\300#\300'\000g\300\n\300\024\0009\300\t\300\023\0003\000\235\000\234\000=\000<\0005\000/\000\377\001\000\001u\000\000\000\023\000\021\000\000\016www.google.com\000\v\000\004\003\000\001\002\000\n\000\026\000\024\000\035\000\027\000\036\000\031\000\030\001\000\001\001\001\002\001\003\001\004\000\020\000\016\000\f\002h2\bhttp/1.1\000\026\000\000\000\027\000\000\0001\000\000\000\r\0000\000.\004\003\005\003\006\003\b\a\b\b\b\032\b\033\b\034\b\t\b\n\b\v\b\004\b\005\b\006\004\001\005\001\006\001\003\003\003\001\003\002\004\002\005\002\006\002\000+\000\005\004\003\004\003\003\000-\000\002\001\001\0003\000&\000$\000\035\000 \004\224\206\021\256\f\222\266\3435\216\202\342\2573\341\3503\2107\341\023\016\240r|6\000^K\310s\000\025\000\255\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000";
 static const char fake_sni_old[] = "\026\003\001\004\316\001\000\004\312\003\003K+\272\314\340\306\374>dw%\f\223\346\225\270\270~\335\027\f\264\341H\267\357\303\216T\322[\371 \245\320\212V6\374\3706\232\0216B\325\273P\b\300>\0332>\362\323\033\322\301\204\022f8\223\214\000\"\023\001\023\003\023\002\300+\300/\314\251\314\250\300,\3000\300\n\300\t\300\023\300\024\000\234\000\235\000/\0005\001\000\004_\000\000\000\023\000\021\000\000\016www.google.com\000\027\000\000\377\001\000\001\000\000\n\000\016\000\f\000\035\000\027\000\030\000\031\001\000\001\001\000\v\000\002\001\000\000\020\000\v\000\t\bhttp/1.1\000\005\000\005\001\000\000\000\000\000\"\000\n\000\b\004\003\005\003\006\003\002\003\0003\000k\000i\000\035\000 \333C\212\234-\t\237#\202\\\231\311\022]\333\341t(\t\276U\373u\234\316J~,^|*Z\000\027\000A\004k\n\255\254\376X\226t\001;n~\033\034.\245\027\024\3762_\352$\374\346^f\fF,\201\275\263\336O\231\001\032\200\357dI\266y\031\323\311vR\232\004\r\366FT\004\335\326\356\256\230B\t\313\000*\000\000\000+\000\005\004\003\004\003\003\000\r\000\030\000\026\004\003\005\003\006\003\b\004\b\005\b\006\004\001\005\001\006\001\002\003\002\001\000-\000\002\001\001\000\034\000\002@\001\376\r\0029\000\000\001\000\003\344\000 \337\306\243\332Y\033\a\252\352\025\365Z\035\223\226\304\255\363\215G\356g\344%}7\217\033n\211^\201\002\017g\267\334\326OD}\336\341ZC\230\226'\225\313\357\211\\\242\273\030k\216\377U\315\206\2410\200\203\332Z\223\005\370\b\304\370f\017\200\023\241\223~?\270{\037b\312\001\270\227\366\356\352\002\314\351\006\237\241q\226\300\314\321o\247{\201\317\230}B\005T\3660\335\320\332r?S\217\tq\036\031\326I|\237]\311 c\f\024r\031\310W\373\257\314q)q\030\237\261\227\217Kd?\257'G\320\020\340\256ND\247\005\341\324\024OP>\370\350\270b\311wAj\t\311\213\365i\203\230x\207\354\245<\274\202\230c\v0Y\263\364\022\303a\200\022\031\314\271rl=\327\336\001\327\264\267\342\353\352=\354[u\224\260\257\034\004\232\023\226}\227\030e\221\"\350\207\027dId\324\305\362N:\035\307`\204\337\201;\221\320\266b\362hrH\345e\206\246%\006\020a4\3430\036\225\215\274\275\360Q&\271\237)\222uK\362\017o\220\226W\357\267#\357\v\023\354\213\2629\331\ad\005/~6k\000[\247\301\270\310qJ\004\303|m5\363\376Y\002\243}6\251x\024\331)GH\335\205rI\032\f\210\a\212\347]\271\030\347.\021\213\365\026\030\340/Ny\r\332\3577\3203\026iX}>\2507\327&XRXU!\017\270I\313\352\350^?\352Uss\017\266pF\222NI\245\307_\305#\361\352\243+-\266\317Q\036s\243\277\355{S&\023>\275\360\215\032V\237XOY\345u>\002\305\252T\354\035\327v{P\352M\233\366\221\270\377\251\261f+rF\201wL2W\266X\252\242X\2536I\337c\205uZ\254Fe\305h\t\371\376\216r\336Y\327h\347*\331\257-ZQ{(\336\226\206\017\037\036\021\341\027z\033\254\235\252\227\224\004?p\243\351\\\263\352\205\327#W\345\255\256\375\267bP\3047\363!*K\003t\212(\306\214P\215\3506j\025\375\213e\254s\000)\001\034\000\367\000\361\002\276W%\232?\326\223\277\211v\017\a\361\347\312N\226\024L\260v\210\271j\324[|\270\344\3773\321-\313b>~\310\253XIR\324)&;\033{g;)\344\255\226\370\347I\\y\020\324\360\211vC\310\226s\267|\273$\341\332\2045qh\245w\2255\214\316\030\255\301\326C\343\304=\245\231h`yd\000#s\002\370\374Z\0336\245\361\226\222\306\032k\2457\016h\314(R;\326T~EHH\352\307\023^\247\363\321`V\340\253Z\233\357\227I\373\337z\177\nv\261\252\371\017\226\223\345\005\315y4\b\236N0\2630\017\215c\305&L\260\346J\237\203Q(\335W\027|>\3553\275j\307?W5\3463kc\350\262C\361 \037w!\371}\214\"I\377|\331@a;\342\3566\312\272Z\327u7\204'\215YBLL\235\236\242\345\215\245T\211a\312\263\342\000! \221\202X$\302\317\203\246\207c{\231\330\264\324\\k\271\272\336\356\002|\261O\207\030+\367P\317\356";
 #endif /*RAW_REPLACEMENTS_H*/
--- a/types.h
+++ b/types.h
@@ -0,0 +1,63 @@
 #define _GNU_SOURCE
 #ifndef TYPES_H
 #define TYPES_H
 #include <asm/byteorder.h>
 #ifdef KERNEL_SCOPE
 #include <linux/errno.h> // IWYU pragma: export
 #include <linux/string.h> // IWYU pragma: export
 #include <linux/types.h>
 typedef __u8	uint8_t;
 typedef __u16	uint16_t;
 typedef __u32 	uint32_t;
 typedef __u64 	uint64_t;
 typedef __i8	int8_t;
 typedef __i16	int16_t;
 typedef __i32	int32_t;
 typedef __i64	int64_t;
 #else /* USERSPACE_SCOPE */
 #include <errno.h>  // IWYU pragma: export
 #include <stdint.h> // IWYU pragma: export
 #include <string.h> // IWYU pragma: export
 #endif /* SCOPES */
 // Network specific structures
 #ifdef KERNEL_SPACE
 #include <linux/stddef.h> // IWYU pragma: export
 #include <linux/net.h> // IWYU pragma: export
 #include <linux/in.h> // IWYU pragma: export
 #include <linux/ip.h> // IWYU pragma: export
 #include <linux/tcp.h> // IWYU pragma: export
 /* from <netinet/ip.h> */
 #define	IP_RF 0x8000			/* reserved fragment flag */
 #define	IP_DF 0x4000			/* dont fragment flag */
 #define	IP_MF 0x2000			/* more fragments flag */
 #define	IP_OFFMASK 0x1fff		/* mask for fragmenting bits */
 #else
 #define USER_SPACE
 #include <arpa/inet.h>		// IWYU pragma: export
 #include <netinet/ip.h>		// IWYU pragma: export
 #include <netinet/ip6.h>	// IWYU pragma: export
 #include <netinet/tcp.h>	// IWYU pragma: export
 #include <netinet/udp.h>	// IWYU pragma: export
 #endif
 #define max(a,b)__extension__\
 ({                           \
    __typeof__ (a) _a = (a); \
    __typeof__ (b) _b = (b); \
    _a > _b ? _a : _b;       \
 })
 #define min(a,b)__extension__\
 ({                           \
    __typeof__ (a) _a = (a); \
    __typeof__ (b) _b = (b); \
    _a < _b ? _a : _b;       \
 })
 #endif /* TYPES_H */
--- a/uspace.mk
+++ b/uspace.mk
@@ -1,3 +1,6 @@
 #Check for using system libs
 USE_SYS_LIBS := no
 #Userspace app makes here
 BUILD_DIR := $(CURDIR)/build
 DEPSDIR := $(BUILD_DIR)/deps
@@ -5,8 +8,14 @@ DEPSDIR := $(BUILD_DIR)/deps
 CC:=gcc
 CCLD:=$(CC)
 LD:=ld
-override CFLAGS += -Wall -Wpedantic -Wno-unused-variable -I$(DEPSDIR)/include -std=gnu11
+
-override LDFLAGS += -L$(DEPSDIR)/lib
+ifeq ($(USE_SYS_LIBS), no)
 	override CFLAGS += -Wall -Wpedantic -Wno-unused-variable -I$(DEPSDIR)/include -std=gnu11
 	override LDFLAGS += -L$(DEPSDIR)/lib
 	REQ = $(LIBNETFILTER_QUEUE) $(LIBMNL) $(LIBCRYPTO)
 else
 	override CFLAGS += -Wall -Wpedantic -Wno-unused-variable -std=gnu11
 endif
 LIBNFNETLINK_CFLAGS := -I$(DEPSDIR)/include
 LIBNFNETLINK_LIBS := -L$(DEPSDIR)/lib
@@ -22,13 +31,13 @@ export CC CCLD LD CFLAGS LDFLAGS LIBNFNETLINK_CFLAGS LIBNFNETLINK_LIBS LIBMNL_CF
 APP:=$(BUILD_DIR)/youtubeUnblock
-SRCS := youtubeUnblock.c mangle.c args.c
+SRCS := youtubeUnblock.c mangle.c args.c utils.c quic.c
 OBJS := $(SRCS:%.c=$(BUILD_DIR)/%.o)
-LIBNFNETLINK := $(DEPSDIR)/lib/libnfnetlink.a
+LIBNFNETLINK := $(DEPSDIR)/lib/libnfnetlink.la
-LIBMNL := $(DEPSDIR)/lib/libmnl.a
+LIBMNL := $(DEPSDIR)/lib/libmnl.la
-LIBNETFILTER_QUEUE := $(DEPSDIR)/lib/libnetfilter_queue.a
+LIBNETFILTER_QUEUE := $(DEPSDIR)/lib/libnetfilter_queue.la
-
+#LIBCRYPTO := $(DEPSDIR)/lib64/libcrypto.a
 .PHONY: default all dev dev_attrs prepare_dirs
 default: all
@@ -47,6 +56,11 @@ prepare_dirs:
 	mkdir -p $(BUILD_DIR)
 	mkdir -p $(DEPSDIR)
 $(LIBCRYPTO):
 	cd deps/openssl && ./Configure --prefix=$(DEPSDIR) $(if $(CROSS_COMPILE_PLATFORM),--cross-compile-prefix=$(CROSS_COMPILE_PLATFORM)-,) --no-shared
 	$(MAKE) -C deps/openssl
 	$(MAKE) install_sw -C deps/openssl
 $(LIBNFNETLINK):
 	cd deps/libnfnetlink && ./autogen.sh && ./configure --prefix=$(DEPSDIR) $(if $(CROSS_COMPILE_PLATFORM),--host=$(CROSS_COMPILE_PLATFORM),) --enable-static --disable-shared
 	$(MAKE) -C deps/libnfnetlink
@@ -57,16 +71,16 @@ $(LIBMNL):
 	$(MAKE) -C deps/libmnl
 	$(MAKE) install -C deps/libmnl
-$(LIBNETFILTER_QUEUE): $(LIBNFNETLINK) $(LIBMNL)
+$(LIBNETFILTER_QUEUE): $(LIBNFNETLINK) $(LIBMNL) 
 	cd deps/libnetfilter_queue && ./autogen.sh && ./configure --prefix=$(DEPSDIR) $(if $(CROSS_COMPILE_PLATFORM),--host=$(CROSS_COMPILE_PLATFORM),) --enable-static --disable-shared
 	$(MAKE) -C deps/libnetfilter_queue
 	$(MAKE) install -C deps/libnetfilter_queue
-$(APP): $(OBJS) $(LIBNETFILTER_QUEUE) $(LIBMNL)
+$(APP): $(OBJS) $(REQ)
 	@echo 'CCLD $(APP)'
 	$(CCLD) $(OBJS) -o $(APP) $(LDFLAGS) -lmnl -lnetfilter_queue -lpthread
-$(BUILD_DIR)/%.o: %.c $(LIBNETFILTER_QUEUE) $(LIBMNL) config.h
+$(BUILD_DIR)/%.o: %.c $(REQ) config.h
 	@echo 'CC $@'
 	$(CC) -c $(CFLAGS) $(LDFLAGS) $< -o $@
@@ -84,8 +98,13 @@ uninstall:
 	-systemctl disable youtubeUnblock.service
 clean:
 	find $(BUILD_DIR) -maxdepth 1 -type f | xargs rm -rf
 distclean: clean
 	rm -rf $(BUILD_DIR)
 ifeq ($(USE_SYS_LIBS), no)
 	$(MAKE) distclean -C deps/libnetfilter_queue || true
 	$(MAKE) distclean -C deps/libmnl || true
 	$(MAKE) distclean -C deps/libnfnetlink || true
-
+	#$(MAKE) distclean -C deps/openssl || true
 endif
--- a/utils.c
+++ b/utils.c
@@ -0,0 +1,442 @@
 #include "utils.h"
 #include "logging.h"
 #include <netinet/in.h>
 #ifdef KERNEL_SPACE
 #include <linux/ip.h>
 #else 
 #include <stdlib.h>
 #include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
 #include <libnetfilter_queue/libnetfilter_queue_ipv6.h>
 #include <libnetfilter_queue/libnetfilter_queue_tcp.h>
 #endif
 void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph) 
 {
 #ifdef KERNEL_SPACE
 	uint32_t tcp_packet_len = ntohs(iph->tot_len) - (iph->ihl << 2);
 	tcph->check = 0;
 	tcph->check = csum_tcpudp_magic(
 		iph->saddr, iph->daddr, tcp_packet_len,
 		IPPROTO_TCP, 
 		csum_partial(tcph, tcp_packet_len, 0));
 #else
 	nfq_tcp_compute_checksum_ipv4(tcph, iph);
 #endif
 }
 void ip4_set_checksum(struct iphdr *iph) 
 {
 #ifdef KERNEL_SPACE
 	iph->check = 0;
 	iph->check = ip_fast_csum(iph, iph->ihl);
 #else
 	nfq_ip_set_checksum(iph);
 #endif
 }
 void tcp6_set_checksum(struct tcphdr *tcph, struct ip6_hdr *iph) {
 	uint16_t old_check = ntohs(tcph->check);
 	nfq_tcp_compute_checksum_ipv6(tcph, iph);
 }
 int set_ip_checksum(void *iph, uint32_t iphb_len) {
 	int ipvx = netproto_version(iph, iphb_len);
 	if (ipvx == IP4VERSION) {
 		ip4_set_checksum(iph);
 	} else if (ipvx == IP6VERSION) { // IP6 has no checksums
 	} else 
 		return -1;
 	return 0;
 }
 int set_tcp_checksum(struct tcphdr *tcph, void *iph, uint32_t iphb_len) {
 	int ipvx = netproto_version(iph, iphb_len);
 	if (ipvx == IP4VERSION) {
 		tcp4_set_checksum(tcph, iph);
 	} else if (ipvx == IP6VERSION) {
 		tcp6_set_checksum(tcph, iph);
 	} else 
 		return -1;
 	return 0;
 }
 int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len, 
 		       uint8_t **payload, uint32_t *plen) {
 	if (pkt == NULL || buflen < sizeof(struct iphdr)) {
 		lgerror("ip4_payload_split: pkt|buflen", -EINVAL);
 		return -EINVAL;
 	}
 	struct iphdr *hdr = (struct iphdr *)pkt;
 	if (netproto_version(pkt, buflen) != IP4VERSION) {
 		lgerror("ip4_payload_split: ipversion", -EINVAL);
 		return -EINVAL;
 	}
 	uint32_t hdr_len = hdr->ihl * 4;
 	uint32_t pktlen = ntohs(hdr->tot_len);
 	if (buflen < pktlen || hdr_len > pktlen) {
 		lgerror("ip4_payload_split: buflen cmp pktlen", -EINVAL);
 		return -EINVAL;
 	}
 	if (iph) 
 		*iph = hdr;
 	if (iph_len)
 		*iph_len = hdr_len;
 	if (payload)
 		*payload = pkt + hdr_len;
 	if (plen)
 		*plen = pktlen - hdr_len;
 	return 0;
 }
 int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len,
 		       struct tcphdr **tcph, uint32_t *tcph_len,
 		       uint8_t **payload, uint32_t *plen) {
 	struct iphdr *hdr;
 	uint32_t hdr_len;
 	struct tcphdr *thdr;
 	uint32_t thdr_len;
 	uint8_t *tcph_pl;
 	uint32_t tcph_plen;
 	if (ip4_payload_split(pkt, buflen, &hdr, &hdr_len, 
 			&tcph_pl, &tcph_plen)){
 		return -EINVAL;
 	}
 	if (
 		hdr->protocol != IPPROTO_TCP || 
 		tcph_plen < sizeof(struct tcphdr)) {
 		return -EINVAL;
 	}
 	thdr = (struct tcphdr *)(tcph_pl);
 	thdr_len = thdr->doff * 4;
 	if (thdr_len > tcph_plen) {
 		return -EINVAL;
 	}
 	if (iph) *iph = hdr;
 	if (iph_len) *iph_len = hdr_len;
 	if (tcph) *tcph = thdr;
 	if (tcph_len) *tcph_len = thdr_len;
 	if (payload) *payload = tcph_pl + thdr_len;
 	if (plen) *plen = tcph_plen - thdr_len;
 	return 0;
 }
 int ip6_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct ip6_hdr **iph, uint32_t *iph_len, 
 		       uint8_t **payload, uint32_t *plen) {
 	if (pkt == NULL || buflen < sizeof(struct ip6_hdr)) {
 		lgerror("ip6_payload_split: pkt|buflen", -EINVAL);
 		return -EINVAL;
 	}
 	struct ip6_hdr *hdr = (struct ip6_hdr *)pkt;
 	if (netproto_version(pkt, buflen) != 6) {
 		lgerror("ip6_payload_split: ip6version", -EINVAL);
 		return -EINVAL;
 	}
 	uint32_t hdr_len = sizeof(struct ip6_hdr);
 	uint32_t pktlen = ntohs(hdr->ip6_ctlun.ip6_un1.ip6_un1_plen);
 	if (buflen < pktlen) {
 		lgerror("ip6_payload_split: buflen cmp pktlen: %d %d", -EINVAL, buflen, pktlen);
 		return -EINVAL;
 	}
 	if (iph) 
 		*iph = hdr;
 	if (iph_len)
 		*iph_len = hdr_len;
 	if (payload)
 		*payload = pkt + hdr_len;
 	if (plen)
 		*plen = pktlen;
 	return 0;
 }
 int tcp6_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct ip6_hdr **iph, uint32_t *iph_len,
 		       struct tcphdr **tcph, uint32_t *tcph_len,
 		       uint8_t **payload, uint32_t *plen) {
 	struct ip6_hdr *hdr;
 	uint32_t hdr_len;
 	struct tcphdr *thdr;
 	uint32_t thdr_len;
 	uint8_t *tcph_pl;
 	uint32_t tcph_plen;
 	if (ip6_payload_split(pkt, buflen, &hdr, &hdr_len, 
 			&tcph_pl, &tcph_plen)){
 		return -EINVAL;
 	}
 	if (
 		hdr->ip6_ctlun.ip6_un1.ip6_un1_nxt != IPPROTO_TCP || 
 		tcph_plen < sizeof(struct tcphdr)) {
 		return -EINVAL;
 	}
 	thdr = (struct tcphdr *)(tcph_pl);
 	thdr_len = thdr->doff * 4;
 	if (thdr_len > tcph_plen) {
 		return -EINVAL;
 	}
 	if (iph) *iph = hdr;
 	if (iph_len) *iph_len = hdr_len;
 	if (tcph) *tcph = thdr;
 	if (tcph_len) *tcph_len = thdr_len;
 	if (payload) *payload = tcph_pl + thdr_len;
 	if (plen) *plen = tcph_plen - thdr_len;
 	return 0;
 }
 int tcp_payload_split(uint8_t *pkt, uint32_t buflen,
 		      void **iph, uint32_t *iph_len,
 		      struct tcphdr **tcph, uint32_t *tcph_len,
 		      uint8_t **payload, uint32_t *plen) {
 	int netvers = netproto_version(pkt, buflen);
 	if (netvers == IP4VERSION) {
 		return tcp4_payload_split(pkt, buflen, (struct iphdr **)iph, iph_len, tcph, tcph_len, payload, plen);
 	} else if (netvers == IP6VERSION) {
 		return tcp6_payload_split(pkt, buflen, (struct ip6_hdr **)iph, iph_len, tcph, tcph_len, payload, plen);
 	} else {
 		lgerror("Internet Protocol version is unsupported", -EINVAL);
 		return -EINVAL;
 	}
 }
 int udp4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len,
 		       struct udphdr **udph,
 		       uint8_t **payload, uint32_t *plen) {
 	struct iphdr *hdr;
 	uint32_t hdr_len;
 	struct udphdr *uhdr;
 	uint32_t uhdr_len;
 	uint8_t *ip_ph;
 	uint32_t ip_phlen;
 	if (ip4_payload_split(pkt, buflen, &hdr, &hdr_len, 
 			&ip_ph, &ip_phlen)){
 		return -EINVAL;
 	}
 	if (
 		hdr->protocol != IPPROTO_UDP || 
 		ip_phlen < sizeof(struct udphdr)) {
 		return -EINVAL;
 	}
 	uhdr = (struct udphdr *)(ip_ph);
 	if (uhdr->len != 0 && ntohs(uhdr->len) != ip_phlen) {
 		return -EINVAL;
 	}
 	if (iph) *iph = hdr;
 	if (iph_len) *iph_len = hdr_len;
 	if (udph) *udph = uhdr;
 	if (payload) *payload = ip_ph + sizeof(struct udphdr);
 	if (plen) *plen = ip_phlen - sizeof(struct udphdr);
 	return 0;
 }
 // split packet to two ipv4 fragments.
 int ip4_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset, 
 			uint8_t *frag1, uint32_t *f1len, 
 			uint8_t *frag2, uint32_t *f2len) {
 	struct iphdr *hdr;
 	const uint8_t *payload;
 	uint32_t plen;
 	uint32_t hdr_len;
 	int ret;
 	if (!frag1 || !f1len || !frag2 || !f2len)
 		return -EINVAL;
 	if ((ret = ip4_payload_split(
 		(uint8_t *)pkt, buflen, 
 		&hdr, &hdr_len, (uint8_t **)&payload, &plen)) < 0) {
 		lgerror("ipv4_frag: TCP Header extract error", ret);
 		return -EINVAL;
 	}
 	if (plen <= payload_offset) {
 		return -EINVAL;
 	}
 	if (payload_offset & ((1 << 3) - 1)) {
 		lgerror("ipv4_frag: Payload offset MUST be a multiply of 8!", -EINVAL);
 		return -EINVAL;
 	}
 	uint32_t f1_plen = payload_offset;
 	uint32_t f1_dlen = f1_plen + hdr_len;
 	uint32_t f2_plen = plen - payload_offset;
 	uint32_t f2_dlen = f2_plen + hdr_len;
 	if (*f1len < f1_dlen || *f2len < f2_dlen) {
 		return -ENOMEM;
 	}
 	*f1len = f1_dlen;
 	*f2len = f2_dlen;
 	memcpy(frag1, hdr, hdr_len);
 	memcpy(frag2, hdr, hdr_len);
 	memcpy(frag1 + hdr_len, payload, f1_plen);
 	memcpy(frag2 + hdr_len, payload + payload_offset, f2_plen);
 	struct iphdr *f1_hdr = (void *)frag1;
 	struct iphdr *f2_hdr = (void *)frag2;
 	uint16_t f1_frag_off = ntohs(f1_hdr->frag_off);
 	uint16_t f2_frag_off = ntohs(f2_hdr->frag_off);
 	f1_frag_off &= IP_OFFMASK;
 	f1_frag_off |= IP_MF;
 	if ((f2_frag_off & ~IP_OFFMASK) == IP_MF) {
 		f2_frag_off &= IP_OFFMASK;
 		f2_frag_off |= IP_MF;
 	} else {
 		f2_frag_off &= IP_OFFMASK;
 	}
 	f2_frag_off += (uint16_t)payload_offset / 8;
 	f1_hdr->frag_off = htons(f1_frag_off);
 	f1_hdr->tot_len = htons(f1_dlen);
 	f2_hdr->frag_off = htons(f2_frag_off);
 	f2_hdr->tot_len = htons(f2_dlen);
 	ip4_set_checksum(f1_hdr);
 	ip4_set_checksum(f2_hdr);
 	return 0;
 }
 // split packet to two tcp-on-ipv4 segments.
 int tcp_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset, 
 			uint8_t *seg1, uint32_t *s1len, 
 			uint8_t *seg2, uint32_t *s2len) {
 	// struct ip6_hdr *hdr6;
 	void *hdr;
 	uint32_t hdr_len;
 	struct tcphdr *tcph;
 	uint32_t tcph_len;
 	uint32_t plen;
 	const uint8_t *payload;
 	int ret;
 	if (!seg1 || !s1len || !seg2 || !s2len)
 		return -EINVAL;
 	if ((ret = tcp_payload_split((uint8_t *)pkt, buflen,
 				&hdr, &hdr_len,
 				&tcph, &tcph_len,
 				(uint8_t **)&payload, &plen)) < 0) {
 		lgerror("tcp_frag: tcp_payload_split", ret);
 		return -EINVAL;
 	}
 	int ipvx = netproto_version(pkt, buflen);
 	if (ipvx == IP4VERSION) {
 		struct iphdr *iphdr = hdr;
 		if (
 			ntohs(iphdr->frag_off) & IP_MF || 
 			ntohs(iphdr->frag_off) & IP_OFFMASK) {
 			lgdebugmsg("tcp_frag: ip4: frag value: %d",
 				ntohs(iphdr->frag_off));
 			lgerror("tcp_frag: ip4: ip fragmentation is set", -EINVAL);
 			return -EINVAL;
 		}
 	}
 	if (plen <= payload_offset) {
 		return -EINVAL;
 	}
 	uint32_t s1_plen = payload_offset;
 	uint32_t s1_dlen = s1_plen + hdr_len + tcph_len;
 	uint32_t s2_plen = plen - payload_offset;
 	uint32_t s2_dlen = s2_plen + hdr_len + tcph_len;
 	if (*s1len < s1_dlen || *s2len < s2_dlen) 
 		return -ENOMEM;
 	*s1len = s1_dlen;
 	*s2len = s2_dlen;
 	memcpy(seg1, hdr, hdr_len);
 	memcpy(seg2, hdr, hdr_len);
 	memcpy(seg1 + hdr_len, tcph, tcph_len);
 	memcpy(seg2 + hdr_len, tcph, tcph_len);
 	memcpy(seg1 + hdr_len + tcph_len, payload, s1_plen);
 	memcpy(seg2 + hdr_len + tcph_len, payload + payload_offset, s2_plen);
 	if (ipvx == IP4VERSION) {
 		struct iphdr *s1_hdr = (void *)seg1;
 		struct iphdr *s2_hdr = (void *)seg2;
 		s1_hdr->tot_len = htons(s1_dlen);
 		s2_hdr->tot_len = htons(s2_dlen);
 	} else {
 		struct ip6_hdr *s1_hdr = (void *)seg1;
 		struct ip6_hdr *s2_hdr = (void *)seg2;
 		s1_hdr->ip6_ctlun.ip6_un1.ip6_un1_plen = htons(s1_dlen - hdr_len);
 		s2_hdr->ip6_ctlun.ip6_un1.ip6_un1_plen = htons(s2_dlen - hdr_len);
 	}
 	struct tcphdr *s1_tcph = (void *)(seg1 + hdr_len);
 	struct tcphdr *s2_tcph = (void *)(seg2 + hdr_len);
 	s2_tcph->seq = htonl(ntohl(s2_tcph->seq) + payload_offset);
 	set_tcp_checksum(s1_tcph, seg1, hdr_len);
 	set_tcp_checksum(s2_tcph, seg2, hdr_len);
 	return 0;
 }
--- a/utils.h
+++ b/utils.h
@@ -0,0 +1,92 @@
 #ifndef UTILS_H
 #define UTILS_H
 #include "types.h"
 #define IP4VERSION 4
 #define IP6VERSION 6
 /**
 * Splits the packet to two IP fragments on position payload_offset.
 * payload_offset indicates the position relatively to start of IP payload
 * (start of transport header)
 */
 int ip4_frag(const uint8_t *pkt, uint32_t pktlen, 
 			uint32_t payload_offset, 
 			uint8_t *frag1, uint32_t *f1len, 
 			uint8_t *frag2, uint32_t *f2len);
 /**
 * Splits the packet to two TCP segments on position payload_offset
 * payload_offset indicates the position relatively to start of TCP payload.
 */
 // int tcp4_frag(const uint8_t *pkt, uint32_t pktlen, 
 // 			uint32_t payload_offset, 
 // 			uint8_t *seg1, uint32_t *s1len, 
 // 			uint8_t *seg2, uint32_t *s2len);
 int tcp_frag(const uint8_t *pkt, uint32_t pktlen,
 			uint32_t payload_offset,
 			uint8_t *seg1, uint32_t *s1len, 
 			uint8_t *seg2, uint32_t *s2len);
 /**
 * Splits the raw packet payload to ip header and ip payload.
 */
 int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len, 
 		       uint8_t **payload, uint32_t *plen);
 static inline int netproto_version(const uint8_t *pkt, uint32_t buflen) {
 	if (pkt == NULL || buflen == 0)
 		return -1;
 	return (*pkt) >> 4;
 }
 /**
 * Splits the raw packet payload to ip header, tcp header and tcp payload.
 */
 int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len,
 		       struct tcphdr **tcph, uint32_t *tcph_len,
 		       uint8_t **payload, uint32_t *plen);
 /**
 * Splits the raw packet payload to ip header and ip payload.
 */
 int ip6_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct ip6_hdr **iph, uint32_t *iph_len, 
 		       uint8_t **payload, uint32_t *plen);
 /**
 * Splits the raw packet payload to ip header, tcp header and tcp payload.
 */
 int tcp6_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct ip6_hdr **iph, uint32_t *iph_len,
 		       struct tcphdr **tcph, uint32_t *tcph_len,
 		       uint8_t **payload, uint32_t *plen);
 int tcp_payload_split(uint8_t *pkt, uint32_t buflen,
 		      void **iph, uint32_t *iph_len,
 		      struct tcphdr **tcph, uint32_t *tcph_len,
 		      uint8_t **payload, uint32_t *plen);
 /**
 * Splits the raw packet payload to ip header, udp header and udp payload.
 */
 int udp4_payload_split(uint8_t *pkt, uint32_t buflen,
 		       struct iphdr **iph, uint32_t *iph_len,
 		       struct udphdr **udph,
 		       uint8_t **payload, uint32_t *plen);
 void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph);
 void ip4_set_checksum(struct iphdr *iph);
 void ip6_set_checksum(struct ip6_hdr *iph);
 void tcp6_set_checksum(struct tcphdr *tcph, struct ip6_hdr *iph);
 int  set_ip_checksum(void *iph, uint32_t iphb_len);
 int  set_tcp_checksum(struct tcphdr *tcph, void *iph, uint32_t iphb_len);
 #endif /* UTILS_H */
--- a/youtubeUnblock.c
+++ b/youtubeUnblock.c
@@ -31,10 +31,15 @@
 #include "config.h"
 #include "mangle.h"
 #include "args.h"
 #include "utils.h"
 #include "logging.h"
 pthread_mutex_t rawsocket_lock;
 int rawsocket = -2;
 pthread_mutex_t raw6socket_lock;
 int raw6socket = -2;
 static int open_socket(struct mnl_socket **_nl) {
 	struct mnl_socket *nl = NULL;
 	nl = mnl_socket_open(NETLINK_NETFILTER);
@@ -82,7 +87,7 @@ static int open_raw_socket(void) {
 		return -1;
 	}
-	int mark = RAWSOCKET_MARK;
+	int mark = config.mark;
 	if (setsockopt(rawsocket, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0)
 	{
 		fprintf(stderr, "setsockopt(SO_MARK, %d) failed\n", mark);
@@ -121,6 +126,134 @@ static int close_raw_socket(void) {
 	return 0;
 }
 static int open_raw6_socket(void) {
 	if (raw6socket != -2) {
 		errno = EALREADY;
 		perror("Raw socket is already opened");
 		return -1;
 	}
 	raw6socket = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW);
 	if (rawsocket == -1) {
 		perror("Unable to create raw socket");
 		return -1;
 	}
 	int mark = config.mark;
 	if (setsockopt(raw6socket, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0)
 	{
 		fprintf(stderr, "setsockopt(SO_MARK, %d) failed\n", mark);
 		return -1;
 	}
 	int mst = pthread_mutex_init(&raw6socket_lock, NULL);
 	if (mst) {
 		fprintf(stderr, "Mutex err: %d\n", mst);
 		close(raw6socket);
 		errno = mst;
 		return -1;
 	}
 	return raw6socket;
 }
 static int close_raw6_socket(void) {
 	if (raw6socket < 0) {
 		errno = EALREADY;
 		perror("Raw socket is not set");
 		return -1;
 	}
 	if (close(raw6socket)) {
 		perror("Unable to close raw socket");
 		pthread_mutex_destroy(&rawsocket_lock);
 		return -1;
 	}
 	pthread_mutex_destroy(&raw6socket_lock);
 	raw6socket = -2;
 	return 0;
 }
 static int send_raw_ipv4(const uint8_t *pkt, uint32_t pktlen) {
 	int ret;
 	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
 	struct iphdr *iph;
 	if ((ret = ip4_payload_split(
 	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
 		errno = -ret;
 		return ret;
 	}
 	struct sockaddr_in daddr = {
 		.sin_family = AF_INET,
 		/* Always 0 for raw socket */
 		.sin_port = 0,
 		.sin_addr = {
 			.s_addr = iph->daddr
 		}
 	};
 	if (config.threads != 1)
 		pthread_mutex_lock(&rawsocket_lock);
 	int sent = sendto(rawsocket, 
 	    pkt, pktlen, 0, 
 	    (struct sockaddr *)&daddr, sizeof(daddr));
 	if (config.threads != 1)
 		pthread_mutex_unlock(&rawsocket_lock);
 	/* The function will return -errno on error as well as errno value set itself */
 	if (sent < 0) sent = -errno;
 	return sent;
 }
 static int send_raw_ipv6(const uint8_t *pkt, uint32_t pktlen) {
 	int ret;
 	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
 	struct ip6_hdr *iph;
 	if ((ret = ip6_payload_split(
 	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
 		errno = -ret;
 		return ret;
 	}
 	struct sockaddr_in6 daddr = {
 		.sin6_family = AF_INET6,
 		/* Always 0 for raw socket */
 		.sin6_port = 0,
 		.sin6_addr = iph->ip6_dst
 	};
 	tcp6_set_checksum((void *)(uint8_t *)pkt + sizeof(struct ip6_hdr), (void *)pkt);
 	if (config.threads != 1)
 		pthread_mutex_lock(&rawsocket_lock);
 	int sent = sendto(raw6socket, 
 	    pkt, pktlen, 0, 
 	    (struct sockaddr *)&daddr, sizeof(daddr));
 	lgtrace_addp("rawsocket sent %d", sent);
 	if (config.threads != 1)
 		pthread_mutex_unlock(&rawsocket_lock);
 	/* The function will return -errno on error as well as errno value set itself */
 	if (sent < 0) sent = -errno;
 	return sent;
 }
 static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
 	int ret;
@@ -136,7 +269,7 @@ static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
 		switch (config.fragmentation_strategy) {
 			case FRAG_STRAT_TCP:
-				if ((ret = tcp4_frag(pkt, pktlen, AVAILABLE_MTU-128,
+				if ((ret = tcp_frag(pkt, pktlen, AVAILABLE_MTU-128,
 					buff1, &buff1_size, buff2, &buff2_size)) < 0) {
 					errno = -ret;
@@ -173,37 +306,16 @@ static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
 		return sent;
 	}
 	int ipvx = netproto_version(pkt, pktlen);
 	if (ipvx == IP4VERSION) 
 		return send_raw_ipv4(pkt, pktlen);
 	else if (ipvx == IP6VERSION) 
 		return send_raw_ipv6(pkt, pktlen);
-	struct iphdr *iph;
+	printf("proto version %d is unsupported\n", ipvx);
-
+	return -EINVAL;
 	if ((ret = ip4_payload_split(
 	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
 		errno = -ret;
 		return ret;
 	}
 	struct sockaddr_in daddr = {
 		.sin_family = AF_INET,
 		/* Always 0 for raw socket */
 		.sin_port = 0,
 		.sin_addr = {
 			.s_addr = iph->daddr
 		}
 	};
 	pthread_mutex_lock(&rawsocket_lock);
 	int sent = sendto(rawsocket, 
 	    pkt, pktlen, 0, 
 	    (struct sockaddr *)&daddr, sizeof(daddr));
 	pthread_mutex_unlock(&rawsocket_lock);
 	/* The function will return -errno on error as well as errno value set itself */
 	if (sent < 0) sent = -errno;
 	return sent;
 }
@@ -277,9 +389,6 @@ void delay_packet_send(const unsigned char *data, unsigned int data_len, unsigne
 	pthread_detach(thr);
 }
 static int queue_cb(const struct nlmsghdr *nlh, void *data) {
 	char buf[MNL_SOCKET_BUFFER_SIZE];
@@ -315,8 +424,8 @@ static int queue_cb(const struct nlmsghdr *nlh, void *data) {
 	if (attr[NFQA_MARK] != NULL) {
 		// Skip packets sent by rawsocket to escape infinity loop.
-		if ((ntohl(mnl_attr_get_u32(attr[NFQA_MARK])) & RAWSOCKET_MARK) == 
+		if ((ntohl(mnl_attr_get_u32(attr[NFQA_MARK])) & config.mark) == 
-			RAWSOCKET_MARK) {
+			config.mark) {
 			return fallback_accept_packet(packet.id, *qdata);
 		}
 	}
@@ -399,12 +508,18 @@ int init_queue(int queue_num) {
 		ret = mnl_socket_recvfrom(nl, buf, BUF_SIZE);
 		if (ret == -1) {
 			perror("mnl_socket_recvfrom");
-			continue;
+			goto die;
 		}
 		ret = mnl_cb_run(buf, ret, 0, portid, queue_cb, &qdata);
 		if (ret < 0) {
-			perror("mnl_cb_run");
+			lgerror("mnl_cb_run", -EPERM);
 			if (errno == EPERM) {
 				printf("Probably another instance of youtubeUnblock with the same queue number is running\n");
 			} else {
 				printf("Make sure the nfnetlink_queue kernel module is loaded\n");
 			}
 			goto die;
 		}
 	}
@@ -464,6 +579,14 @@ int main(int argc, char *argv[]) {
 		exit(EXIT_FAILURE);
 	}
 	if (config.use_ipv6) {
 		if (open_raw6_socket() < 0) {
 			perror("Unable to open raw socket for ipv6");
 			close_raw_socket();
 			exit(EXIT_FAILURE);
 		}
 	}
 	struct queue_res *qres = &defqres;
 	if (config.threads == 1) {
@@ -496,11 +619,10 @@ int main(int argc, char *argv[]) {
 		}
 	}
-	if (close_raw_socket() < 0) {
+	close_raw_socket();
-		perror("Unable to close raw socket");
+	if (config.use_ipv6)
-		exit(EXIT_FAILURE);
+		close_raw6_socket();
 	}
-	return qres->status;
+	return -qres->status;
 }
Author	SHA1	Message	Date
Vadim Vetrov	3d50c00e4f	Fix internet :) Related to #96	2024-08-29 19:28:26 +03:00
Vadim Vetrov	0a679ea41c	Update version grabber	2024-08-29 18:13:51 +03:00
Vadim Vetrov	cad262f201	Update docs for entware	2024-08-29 17:45:11 +03:00
Vadim Vetrov	8b23ab762d	Fix issue with synfake and two youtubeUnblock instances one after another	2024-08-29 15:55:05 +03:00
Vadim Vetrov	3d9481d72d	Allow to select synfake length	2024-08-29 15:49:01 +03:00
Vadim Vetrov	0f71d5f3c4	Add synfake option	2024-08-29 14:45:27 +03:00
Vadim Vetrov	33b0ca421b	Update default value of frag-sni-pos Related to #43 and probably other issues with some ISPs. Some providers throws RST on 2 bytes tcp, but no RST on 1 byte	2024-08-29 12:21:34 +03:00
Vadim Vetrov	bc398cbd02	Merge branch 'main' of github.com:Waujito/youtubeUnblock	2024-08-29 09:10:51 +03:00
Vadim Vetrov	491d485260	Allow to change default mark Related to #96	2024-08-29 09:09:57 +03:00
Vadim Vetrov	f273d9cc7a	Update README.md	2024-08-28 15:54:37 +03:00
Vadim Vetrov	c101adcd07	entware for entware	2024-08-28 14:00:29 +03:00
Vadim Vetrov	725dc1a6d2	Allow tune randseq offsets. May be useful for #94	2024-08-27 23:23:54 +03:00
Vadim Vetrov	3b5276c834	Merge pull request #93 from Waujito/ipv6 Support for ipv6	2024-08-27 13:03:38 -07:00
Vadim Vetrov	d16805871f	Trace logs update	2024-08-27 21:21:33 +03:00
Vadim Vetrov	5a30ac427b	Add option to disable ipv6, document ipv6	2024-08-27 20:01:34 +03:00
Vadim Vetrov	a3a497bc82	Merge branch 'main' into ipv6	2024-08-27 19:42:20 +03:00
Vadim Vetrov	d530dd26d1	Support for ipv6	2024-08-27 19:27:27 +03:00
Vadim Vetrov	564820ce38	Related to #86	2024-08-26 21:21:42 +03:00
Denis Strizhkin	de9b42ae46	add options of choosing to use system libs	2024-08-21 18:40:23 +03:00
Vadim Vetrov	c10393983a	Fix bug with pastseq and frag-sni-faked	2024-08-21 12:25:13 +03:00
Vadim Vetrov	e62d76e1d6	pastseq by default Pastseq is a way more stable than randseq since some providers just drop packets with invalid conntrack state.	2024-08-21 11:53:10 +03:00
Vadim Vetrov	a859472ef3	Merge branch 'zabbius-main'	2024-08-18 19:44:38 +03:00
Vadim Vetrov	71a6711b40	Merge branch 'main' of github.com:zabbius/youtubeUnblock into zabbius-main	2024-08-18 19:44:24 +03:00
Vadim Vetrov	78ed6a1d72	Merge branch 'dev'	2024-08-18 19:32:42 +03:00
Vadim Vetrov	e8d86b9df6	Do not delete all libraries on every clean	2024-08-18 18:32:43 +03:00
Sergey Zabodalov	c5e941a53b	Merge branch 'Waujito:main' into main	2024-08-18 02:01:24 +03:00
Vadim Vetrov	551fb5d38d	Update README.md	2024-08-17 12:55:08 +03:00
Vadim Vetrov	b434ef4b7f	Add compatibility with v0.2.2	2024-08-17 12:51:53 +03:00
Vadim Vetrov	6cf2ec5504	Update README.md	2024-08-16 22:55:59 +03:00
Vadim Vetrov	a546e783c6	Add support for tcp_check and past sequence faking strategies	2024-08-16 22:47:55 +03:00
Vadim Vetrov	1c5d4e68d9	Add few logs, minor improvements	2024-08-16 22:23:55 +03:00
Vadim Vetrov	fa0552ba66	#71	2024-08-15 14:10:38 +03:00
Vadim Vetrov	51c21a89fd	Fix endian source	2024-08-15 02:58:03 +03:00
Vadim Vetrov	af6e993c07	Merge branch 'main' into dev	2024-08-15 02:46:21 +03:00
Vadim Vetrov	044801efb9	Add support for bruteforce mode of parsing SNI from Client Hello.	2024-08-15 02:31:48 +03:00
Vadim Vetrov	7f340fb033	Merge branch 'quic' into dev	2024-08-15 01:50:52 +03:00
Vadim Vetrov	727e909db1	Add documentation for QUIC	2024-08-15 01:50:12 +03:00
Vadim Vetrov	460f392a91	Update README.md	2024-08-14 19:58:35 +03:00
Vadim Vetrov	b76cc5fcee	Update names of outputs	2024-08-14 19:36:37 +03:00
Vadim Vetrov	b68052efa2	Merge pull request #66 from spvkgn/ci-workflow CI workflow	2024-08-14 07:09:14 -07:00
spvkgn	9af85abc84	CI workflow	2024-08-14 17:54:29 +05:00
Vadim Vetrov	59d19646a6	Support for new firmware (#56 )	2024-08-14 12:28:25 +03:00
Vadim Vetrov	bcdf1810c4	Merge branch 'main' into dev	2024-08-13 20:51:16 +03:00
Vadim Vetrov	0aef6a991b	Merge branch 'main' into quic	2024-08-13 20:50:24 +03:00
Vadim Vetrov	f3db464b97	Add initial support for QUIC, improve logging capabilities. Add TRACE logging mode	2024-08-13 20:48:35 +03:00
Vadim Vetrov	e8519b4973	Fix error on enable in init script openwrt Check #56 and #37 for more details. Real commit made to openwrt branch. Pushing this to restart actions	2024-08-13 19:33:52 +03:00
Vadim Vetrov	dfc2277efc	Merge pull request #62 from Viktor45/main Update Readme.md	2024-08-13 03:55:44 -07:00
Viktor45	0160c26618	Update Readme.md Normalize the document, make it more readable, correct some typos	2024-08-13 13:18:58 +03:00
Vadim Vetrov	4a8f0d18a9	Skeleton for quic initial message parser	2024-08-13 01:59:47 +03:00
Vadim Vetrov	d5db8c18e5	Types to distinct file common for the entire program	2024-08-13 01:59:04 +03:00
Vadim Vetrov	e6367c72bd	Update README.md	2024-08-12 23:16:12 +03:00
Vadim Vetrov	aafa1a728a	Merge #57 by @zabbius to dev minor - removed duplicated code in args.c	2024-08-12 15:24:57 +03:00
Vadim Vetrov	219062aae2	Fix segfault bufs, update coding style	2024-08-12 15:22:04 +03:00
zabbius	24826f851d	removed duplicated code in args.c	2024-08-12 04:52:03 +03:00